| |
| |||||||
Log-Analyse und Auswertung: TR/Kazy/WTR /CCC /verschwundene DateienWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.05.2011, 12:12
| #1 |
 |  TR/Kazy/WTR /CCC /verschwundene Dateien Bin wohl gestern von allen symptomen (WTR Loader-CCC funktioniert nicht- bis zu verschwundenen Dateien und Desktopordnern) befallen worden. nachdem ich ein paar Stunden recht idiotisch mit dem Microsoft security zeugs und mit AVira rumgesandelt habe ,bin ich gottseidank auf eure excellente seite gestossen. OTL-systemscan gemacht , mit malwarebyte gescannt (2 böse sachen ) brachten mir den desktop wieder , "unhide" auch die verschwundenen dateien. combofix installiert .Mit Antivir gescannt. Alle scheint wieder in Ordnung . ich würde jetzt gerne ein komplettes backup von C machen und hätte hierbei die passende frage : "Ist alles o.k wenn ein komplettscan mit Antivir nichts mehr entdeckt und ein durchlauf von combofix so aussieht" : Danke Armin Combofix Logfile: Code:
ATTFilter ComboFix 11-05-02.04 - armin schmid 03.05.2011 11:14:51.3.8 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3582.2697 [GMT 2:00]
ausgeführt von:: c:\users\armin schmid\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-03 bis 2011-05-03 ))))))))))))))))))))))))))))))
.
.
2011-05-03 09:17 . 2011-05-03 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-03 05:26 . 2011-05-03 05:26 -------- d-----w- c:\users\armin schmid\AppData\Roaming\Malwarebytes
2011-05-03 05:26 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 05:26 . 2011-05-03 05:26 -------- d-----w- c:\programdata\Malwarebytes
2011-05-03 05:26 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 04:53 . 2011-05-03 04:53 -------- d-----w- c:\programdata\ATI
2011-05-03 04:53 . 2011-05-03 04:53 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-05-03 04:51 . 2011-05-03 04:51 -------- d-----w- c:\program files\ATI
2011-05-02 19:44 . 2011-04-10 22:04 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91466CAA-D81F-4EB0-BC13-2C100CC45872}\mpengine.dll
2011-05-02 19:35 . 2011-03-04 14:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-02 19:35 . 2011-03-04 12:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-02 18:11 . 2011-05-02 18:11 -------- d-----w- c:\users\armin schmid\AppData\Roaming\Avira
2011-05-02 18:06 . 2011-05-02 18:06 -------- d-----w- c:\programdata\Avira
2011-05-02 18:06 . 2011-05-02 18:06 -------- d-----w- c:\program files\Avira
2011-04-30 12:46 . 2011-05-02 18:09 -------- d-----w- c:\users\armin schmid\AppData\Roaming\Ylomo
2011-04-30 12:46 . 2011-05-02 18:02 -------- d-----w- c:\users\armin schmid\AppData\Roaming\Ecykc
2011-04-28 18:44 . 2011-04-28 18:45 -------- d-----w- c:\program files\Google
2011-04-28 18:44 . 2011-04-28 18:44 -------- d-----w- c:\users\armin schmid\AppData\Local\Google
2011-04-24 08:19 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-24 08:19 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-24 08:19 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-24 08:19 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-05 22:33 . 2011-01-27 08:57 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7B59513-F2DE-45A6-8BCE-FBB10EA8BCF3}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-25 15:51 . 2011-02-25 15:51 3584 ----a-r- c:\users\armin schmid\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-02-25 07:58 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-03 05:54 . 2011-02-13 02:18 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YAAC"="c:\program files\Tools&More\YAAC\YAAC.exe" [2004-10-25 327680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"avgnt"="d:\dienstprogramme\AVIRA\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"Malwarebytes' Anti-Malware (reboot)"="d:\dienstprogramme\Malware\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_1d882551ede2c65b"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cl106232.inf_x86_neutral_885970445255996f"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cw106232.inf_x86_neutral_6cf75ba43cfe598c"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cw112250.inf_x86_neutral_fd10f2c7f2f1a821"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cw_98768.inf_x86_neutral_a142c167d8a0e4ff"="del" [X]
"c:\windows\winsxs\x86_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a33bc4f3705f38f0"="del" [X]
"c:\windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d"="del" [X]
"c:\windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_a7a5cf9ca38aacc7"="del" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^armin schmid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPU-Tweaker.exe.lnk]
path=c:\users\armin schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPU-Tweaker.exe.lnk
backup=c:\windows\pss\CPU-Tweaker.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-03-03 18:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-04-27 02:09 113288 ----a-w- c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\video_hd\PowerDVD_10\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
"Adobe Reader Speed Launcher"="d:\dienstprogramme\Adobe_Reader\Reader\Reader_sl.exe"
"iTunesHelper"="d:\video_hd\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 MpKsl1db77c7b;MpKsl1db77c7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFA813D4-59DC-4936-A235-D8F3E0BB999C}\MpKsl1db77c7b.sys [x]
R1 MpKsl4f13dc28;MpKsl4f13dc28;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D7EB594-C3D3-41E9-831F-2BAEC59C9391}\MpKsl4f13dc28.sys [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\ARMINS~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 cpuz130;cpuz130;c:\users\ARMINS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-04 691696]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 57800]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/21 19:06];d:\video_hd\PowerDVD_10\PowerDVD10\NavFilter\000.fcl [2010-06-28 20:50 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\dienstprogramme\AVIRA\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 192512]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 60800]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 140672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 ttBudget2;TechnoTrend BDA/DVB (BDA);c:\windows\system32\drivers\ttBudget2.sys [2010-08-22 457472]
S3 vadspdif;vadspdif;c:\windows\system32\DRIVERS\vadspdif.sys [2010-01-28 35512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\armin schmid\AppData\Roaming\Mozilla\Firefox\Profiles\sj6h9k6k.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\video_hd\PowerDVD_10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03 11:18:35
ComboFix-quarantined-files.txt 2011-05-03 09:18
.
Vor Suchlauf: 10 Verzeichnis(se), 41.843.265.536 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 41.790.877.696 Bytes frei
.
- - End Of File - - F953237D41D6581D549C2495F0ACC53D
|
|
03.05.2011, 13:25
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Kazy/WTR /CCC /verschwundene DateienZitat:
 Hinweise überlesen? => http://www.trojaner-board.de/95175-combofix.html Zitat:
__________________ |
|
03.05.2011, 13:45
| #3 | |
| | TR/Kazy/WTR /CCC /verschwundene DateienZitat:
Hi Arne danke für die Hinweise . beide programme waren halt schon installiert , vor dem Combofixscan hab ich a.MSE deaktiviert und mit bestem Gewissen b. im ANTIVIR CC den scanner deaktiviert , danach alle programme beendet ... Soll ich die beiden deinstallieren ? |
|
03.05.2011, 13:51
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy/WTR /CCC /verschwundene Dateien Ja, zumindest einer muss runter! Danach bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL-Custom: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.05.2011, 14:57
| #5 |
| | TR/Kazy/WTR /CCC /verschwundene Dateien Danke Arne Malwarebytescan_1: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6496 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 03.05.2011 11:02:56 mbam-log-2011-05-03 (11-02-56).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 143023 Laufzeit: 1 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) malwarescan_2 : Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6499 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 03.05.2011 15:41:25 mbam-log-2011-05-03 (15-41-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 238333 Laufzeit: 18 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) otlscan :OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.05.2011 15:45:30 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Dienstprogramme\Malware Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): d:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 60,00 Gb Total Space | 42,00 Gb Free Space | 70,00% Space Free | Partition Type: NTFS Drive D: | 250,00 Gb Total Space | 180,70 Gb Free Space | 72,28% Space Free | Partition Type: NTFS Drive E: | 139,70 Gb Total Space | 117,10 Gb Free Space | 83,82% Space Free | Partition Type: HFSJ Drive F: | 558,49 Gb Total Space | 547,50 Gb Free Space | 98,03% Space Free | Partition Type: HFSJ Drive H: | 621,51 Gb Total Space | 610,19 Gb Free Space | 98,18% Space Free | Partition Type: NTFS Computer Name: MACINTOSH | User Name: armin schmid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Dienstprogramme\Malware\OTL.exe (OldTimer Tools) PRC - D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) PRC - D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) PRC - C:\Programme\Tools&More\YAAC\YAAC.exe (Wirth New Media) ========== Modules (SafeList) ========== MOD - D:\Dienstprogramme\Malware\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AMD Reservation Manager) -- File not found SRV - (AntiVirSchedulerService) -- D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (ttBudget2) TechnoTrend BDA/DVB (BDA) -- C:\Windows\System32\drivers\ttBudget2.sys (TechnoTrend GmbH) DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- D:\Video_HD\PowerDVD_10\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (MDFSYSNT) -- C:\Windows\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation) DRV - (vadspdif) -- C:\Windows\System32\drivers\vadspdif.sys (M2Tech) DRV - (MDPMGRNT) -- C:\Windows\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation) DRV - (CBDisk) -- C:\Windows\System32\drivers\CBDisk.sys (EldoS Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (RivaTuner32) -- D:\Dienstprogramme\RivaTuner\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys () DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 CC 87 DF A3 59 CB 01 [binary data] IE - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Dienstprogramme\Firefox\components [2011.04.29 12:08:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Dienstprogramme\Firefox\plugins [2011.03.23 08:02:53 | 000,000,000 | ---D | M] [2010.09.21 18:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armin schmid\AppData\Roaming\mozilla\Extensions [2011.05.02 21:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\armin schmid\AppData\Roaming\mozilla\Firefox\Profiles\sj6h9k6k.default\extensions [2011.05.02 21:26:59 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\armin schmid\AppData\Roaming\mozilla\Firefox\Profiles\sj6h9k6k.default\extensions\foxmarks@kei.com File not found (No name found) -- () (No name found) -- C:\USERS\ARMIN SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJ6H9K6K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2010.09.21 17:54:49 | 000,000,000 | ---D | M] (Java Console) -- D:\DIENSTPROGRAMME\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} O1 HOSTS File: ([2011.05.03 07:42:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] D:\Dienstprogramme\AVIRA\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Dienstprogramme\Malware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000..\Run: [YAAC] C:\Program Files\Tools&More\YAAC\YAAC.exe (Wirth New Media) O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_1d882551ede2c65b] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cl106232.inf_x86_neutral_885970445255996f] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw_98768.inf_x86_neutral_a142c167d8a0e4ff] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw106232.inf_x86_neutral_6cf75ba43cfe598c] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\System32\DriverStore\FileRepository\cw112250.inf_x86_neutral_fd10f2c7f2f1a821] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a33bc4f3705f38f0] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [C:\Windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_a7a5cf9ca38aacc7] C:\Windows\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4250765415-1996380565-1041786456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig - StartUpFolder: C:^Users^armin schmid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPU-Tweaker.exe.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink) MsConfig - StartUpReg: IAStorIcon - hkey= - key= - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - D:\Video_HD\PowerDVD_10\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) ========== Files/Folders - Created Within 30 Days ========== [2011.05.03 11:18:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.05.03 11:17:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.03 11:14:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.03 11:14:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.05.03 11:14:17 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.05.03 11:13:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.05.03 11:13:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.05.03 07:39:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.03 07:26:25 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\AppData\Roaming\Malwarebytes [2011.05.03 07:26:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.03 07:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.03 07:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.03 07:26:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.03 06:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.05.03 06:53:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.05.03 06:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.05.03 06:51:48 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.05.02 21:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.02 21:35:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.05.02 21:35:43 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.05.02 21:35:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.05.02 20:11:26 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\AppData\Roaming\Avira [2011.05.02 20:06:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.05.02 20:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.05.01 11:29:05 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\Desktop\Neue fotos [2011.04.30 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\AppData\Roaming\Ylomo [2011.04.30 14:46:26 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\AppData\Roaming\Ecykc [2011.04.30 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\Desktop\Neue CAM [2011.04.28 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.04.28 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\AppData\Local\Google [2011.04.28 20:44:28 | 000,000,000 | ---D | C] -- C:\Programme\Google [2011.04.24 10:19:23 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.04.24 10:19:23 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.04.24 10:19:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.04.18 18:12:49 | 000,000,000 | ---D | C] -- C:\Users\armin schmid\Desktop\puppen [2011.04.14 22:30:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 22:30:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 22:30:50 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 22:30:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 22:30:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 22:30:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.14 22:30:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.14 22:30:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.14 22:30:40 | 002,333,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 22:30:39 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 22:30:39 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe [2011.04.14 22:30:38 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll ========== Files - Modified Within 30 Days ========== [2011.05.03 15:13:56 | 000,015,632 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.03 15:13:56 | 000,015,632 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.03 15:10:52 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.03 15:10:52 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.03 15:10:52 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.03 15:10:52 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.03 15:06:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.03 15:06:38 | 2817,331,200 | -HS- | M] () -- C:\hiberfil.sys [2011.05.03 15:05:25 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2011.05.03 14:32:05 | 000,000,630 | ---- | M] () -- C:\Users\armin schmid\Desktop\vignette.rtf [2011.05.03 13:49:29 | 000,000,082 | ---- | M] () -- C:\Users\armin schmid\Desktop\Log-Analyse und Auswertung - Trojaner-Board.URL [2011.05.03 11:08:41 | 004,335,631 | R--- | M] () -- C:\Users\armin schmid\Desktop\ComboFix.exe [2011.05.03 07:42:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.05.03 06:28:38 | 000,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin [2011.05.02 21:35:53 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.02 18:29:05 | 000,000,160 | ---- | M] () -- C:\ProgramData\~35118856r [2011.05.02 18:29:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~35118856 [2011.05.02 18:29:02 | 000,000,344 | ---- | M] () -- C:\ProgramData\35118856 [2011.04.24 18:55:05 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\DVBViewer.lnk [2011.04.17 05:12:40 | 000,257,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.05 12:57:50 | 000,000,081 | ---- | M] () -- C:\Users\armin schmid\Desktop\Wetter Mengen - Wettervorhersage aktuell bei wetter.com.URL ========== Files Created - No Company Name ========== [2011.05.03 14:32:05 | 000,000,630 | ---- | C] () -- C:\Users\armin schmid\Desktop\vignette.rtf [2011.05.03 13:49:29 | 000,000,082 | ---- | C] () -- C:\Users\armin schmid\Desktop\Log-Analyse und Auswertung - Trojaner-Board.URL [2011.05.03 11:14:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.03 11:14:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.03 11:14:17 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.03 11:14:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.03 11:14:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.03 11:08:17 | 004,335,631 | R--- | C] () -- C:\Users\armin schmid\Desktop\ComboFix.exe [2011.05.02 21:35:53 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.02 18:29:05 | 000,000,160 | ---- | C] () -- C:\ProgramData\~35118856r [2011.05.02 18:29:05 | 000,000,136 | ---- | C] () -- C:\ProgramData\~35118856 [2011.05.02 18:29:02 | 000,000,344 | ---- | C] () -- C:\ProgramData\35118856 [2011.04.24 18:55:05 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\DVBViewer.lnk [2011.04.05 12:57:50 | 000,000,081 | ---- | C] () -- C:\Users\armin schmid\Desktop\Wetter Mengen - Wettervorhersage aktuell bei wetter.com.URL [2011.03.07 01:49:30 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin [2011.02.27 15:54:38 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.02.25 13:23:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.12.25 12:49:09 | 000,088,280 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2010.10.06 19:48:42 | 000,005,179 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.06 18:49:58 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE [2010.10.04 17:54:29 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat [2010.09.27 01:10:13 | 000,000,136 | ---- | C] () -- C:\Windows\System32\cpuz.ini [2010.09.22 07:02:58 | 000,007,602 | ---- | C] () -- C:\Users\armin schmid\AppData\Local\Resmon.ResmonCfg [2010.09.21 17:05:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.04.02 18:09:08 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.03.17 17:06:30 | 000,202,234 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.07.14 10:47:43 | 000,696,132 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,147,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,257,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,651,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,120,382 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.02.18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2003.12.02 17:08:09 | 000,026,420 | ---- | C] () -- C:\Windows\System32\drivers\I-magic.sys ========== LOP Check ========== [2011.05.02 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\BitDefender [2010.10.04 17:59:32 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\DAEMON Tools Lite [2011.05.02 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Ecykc [2011.05.02 21:26:55 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\foobar2000 [2010.09.24 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\ImgBurn [2010.09.21 23:00:03 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\MAXON [2010.10.05 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Olarila! [2011.05.02 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\TuneUp Software [2011.05.02 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\uTorrent [2010.11.15 12:27:02 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\WindSolutions [2011.05.02 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Ylomo [2011.03.16 17:05:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.10.19 18:41:34 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\AccurateRip [2011.05.02 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Adobe [2010.11.15 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Apple Computer [2011.02.25 13:24:16 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\ATI [2011.05.02 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Avira [2011.05.02 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\BitDefender [2010.09.21 20:17:50 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\CyberLink [2010.10.04 17:59:32 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\DAEMON Tools Lite [2011.05.02 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Ecykc [2011.05.02 21:26:55 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\foobar2000 [2010.09.21 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Identities [2010.09.24 07:27:07 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\ImgBurn [2010.09.22 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\InstallShield [2010.09.22 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Intel Corporation [2010.09.21 17:46:08 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Macromedia [2011.05.03 07:26:25 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Malwarebytes [2010.09.21 23:00:03 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\MAXON [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Media Center Programs [2011.03.26 07:45:11 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Media Player Classic [2011.05.02 21:26:56 | 000,000,000 | --SD | M] -- C:\Users\armin schmid\AppData\Roaming\Microsoft [2011.05.02 21:20:25 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Mozilla [2010.10.05 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Olarila! [2011.05.02 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\TuneUp Software [2011.05.02 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\uTorrent [2011.05.02 21:26:59 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\vlc [2010.11.15 12:27:02 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\WindSolutions [2010.09.21 19:11:05 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\WinRAR [2011.05.02 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Ylomo < %APPDATA%\*.exe /s > [2011.02.25 17:51:42 | 000,003,584 | R--- | M] () -- C:\Users\armin schmid\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.03.03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010.03.03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.10.04 17:54:10 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.04.07 04:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll < End of report > |
|
03.05.2011, 15:04
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy/WTR /CCC /verschwundene Dateien Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ --> TR/Kazy/WTR /CCC /verschwundene Dateien |
|
03.05.2011, 15:07
| #7 |
| | TR/Kazy/WTR /CCC /verschwundene Dateien Hallo arne nein , waren nur 2 , da erst installiert nette grüsse armin |
|
03.05.2011, 15:27
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy/WTR /CCC /verschwundene Dateien Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.05.02 18:29:05 | 000,000,160 | ---- | M] () -- C:\ProgramData\~35118856r
[2011.05.02 18:29:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~35118856
[2011.05.02 18:29:02 | 000,000,344 | ---- | M] () -- C:\ProgramData\35118856
[2011.05.02 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Ecykc
[2011.05.02 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\armin schmid\AppData\Roaming\Ylomo
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 15:36
| #9 |
| | TR/Kazy/WTR /CCC /verschwundene Dateien OTL: ll processes killed ========== OTL ========== C:\ProgramData\~35118856r moved successfully. C:\ProgramData\~35118856 moved successfully. C:\ProgramData\35118856 moved successfully. C:\Users\armin schmid\AppData\Roaming\Ecykc folder moved successfully. C:\Users\armin schmid\AppData\Roaming\Ylomo folder moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: armin schmid ->Temp folder emptied: 526556 bytes ->Temporary Internet Files folder emptied: 98729 bytes ->Java cache emptied: 4619593 bytes ->FireFox cache emptied: 55574098 bytes ->Flash cache emptied: 3423 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3202 bytes RecycleBin emptied: 80384 bytes Total Files Cleaned = 58,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05032011_163213 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
03.05.2011, 15:40
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy/WTR /CCC /verschwundene Dateien Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2011, 15:55
| #11 |
| | TR/Kazy/WTR /CCC /verschwundene Dateien done.... war interessant 1 threat found - continue- skip 2011/05/03 16:51:24.0311 2660 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/03 16:51:24.0577 2660 ================================================================================ 2011/05/03 16:51:24.0577 2660 SystemInfo: 2011/05/03 16:51:24.0577 2660 2011/05/03 16:51:24.0577 2660 OS Version: 6.1.7601 ServicePack: 1.0 2011/05/03 16:51:24.0577 2660 Product type: Workstation 2011/05/03 16:51:24.0577 2660 ComputerName: MACINTOSH 2011/05/03 16:51:24.0577 2660 UserName: armin schmid 2011/05/03 16:51:24.0577 2660 Windows directory: C:\Windows 2011/05/03 16:51:24.0577 2660 System windows directory: C:\Windows 2011/05/03 16:51:24.0577 2660 Processor architecture: Intel x86 2011/05/03 16:51:24.0577 2660 Number of processors: 8 2011/05/03 16:51:24.0577 2660 Page size: 0x1000 2011/05/03 16:51:24.0577 2660 Boot type: Normal boot 2011/05/03 16:51:24.0577 2660 ================================================================================ 2011/05/03 16:51:36.0167 2660 Initialize success 2011/05/03 16:52:08.0631 0848 ================================================================================ 2011/05/03 16:52:08.0631 0848 Scan started 2011/05/03 16:52:08.0631 0848 Mode: Manual; 2011/05/03 16:52:08.0631 0848 ================================================================================ 2011/05/03 16:52:08.0881 0848 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 2011/05/03 16:52:08.0912 0848 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 2011/05/03 16:52:08.0943 0848 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 2011/05/03 16:52:08.0990 0848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/05/03 16:52:09.0021 0848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 2011/05/03 16:52:09.0037 0848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 2011/05/03 16:52:09.0099 0848 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys 2011/05/03 16:52:09.0130 0848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 2011/05/03 16:52:09.0161 0848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 2011/05/03 16:52:09.0193 0848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 2011/05/03 16:52:09.0349 0848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 2011/05/03 16:52:09.0364 0848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 2011/05/03 16:52:09.0395 0848 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys 2011/05/03 16:52:09.0411 0848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 2011/05/03 16:52:09.0551 0848 amdkmdag (c22bdfcbed2596692096f85a9bf54358) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/03 16:52:09.0848 0848 amdkmdap (cc6a16ce23dbc94a59f8e821558d5754) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/05/03 16:52:09.0895 0848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 2011/05/03 16:52:09.0910 0848 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys 2011/05/03 16:52:09.0926 0848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/05/03 16:52:09.0957 0848 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys 2011/05/03 16:52:10.0004 0848 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 2011/05/03 16:52:10.0051 0848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 2011/05/03 16:52:10.0066 0848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 2011/05/03 16:52:10.0097 0848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/03 16:52:10.0144 0848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 2011/05/03 16:52:10.0175 0848 AtiHDAudioService (95b1e9804ca10d096c0383f7c6684950) C:\Windows\system32\drivers\AtihdW73.sys 2011/05/03 16:52:10.0207 0848 AtiHdmiService (c822c615b2f693ef4e5b355432976a81) C:\Windows\system32\drivers\AtiHdmi.sys 2011/05/03 16:52:10.0238 0848 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/03 16:52:10.0269 0848 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/03 16:52:10.0316 0848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 2011/05/03 16:52:10.0347 0848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/05/03 16:52:10.0378 0848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 2011/05/03 16:52:10.0409 0848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/05/03 16:52:10.0456 0848 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/03 16:52:10.0472 0848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/05/03 16:52:10.0487 0848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/05/03 16:52:10.0519 0848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 2011/05/03 16:52:10.0534 0848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/05/03 16:52:10.0565 0848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/05/03 16:52:10.0565 0848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/05/03 16:52:10.0581 0848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/05/03 16:52:10.0675 0848 CBDisk (93c568904e116607df2389907a9d8899) C:\Windows\system32\drivers\CBDisk.sys 2011/05/03 16:52:10.0706 0848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/03 16:52:10.0737 0848 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 2011/05/03 16:52:10.0784 0848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 2011/05/03 16:52:10.0831 0848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 2011/05/03 16:52:10.0862 0848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/03 16:52:10.0877 0848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 2011/05/03 16:52:10.0893 0848 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 2011/05/03 16:52:10.0909 0848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/03 16:52:10.0955 0848 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 2011/05/03 16:52:11.0002 0848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/05/03 16:52:11.0049 0848 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 2011/05/03 16:52:11.0096 0848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 2011/05/03 16:52:11.0111 0848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 2011/05/03 16:52:11.0174 0848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 2011/05/03 16:52:11.0205 0848 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/03 16:52:11.0314 0848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 2011/05/03 16:52:11.0423 0848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 2011/05/03 16:52:11.0455 0848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 2011/05/03 16:52:11.0486 0848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 2011/05/03 16:52:11.0501 0848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 2011/05/03 16:52:11.0533 0848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/03 16:52:11.0548 0848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 2011/05/03 16:52:11.0564 0848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 2011/05/03 16:52:11.0595 0848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/03 16:52:11.0611 0848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 2011/05/03 16:52:11.0642 0848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 2011/05/03 16:52:11.0673 0848 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/03 16:52:11.0704 0848 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/03 16:52:11.0720 0848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/05/03 16:52:11.0735 0848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/05/03 16:52:11.0751 0848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 2011/05/03 16:52:11.0798 0848 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 2011/05/03 16:52:11.0845 0848 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 2011/05/03 16:52:11.0860 0848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/05/03 16:52:11.0891 0848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 2011/05/03 16:52:11.0907 0848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 2011/05/03 16:52:11.0985 0848 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 2011/05/03 16:52:12.0063 0848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 2011/05/03 16:52:12.0094 0848 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 2011/05/03 16:52:12.0141 0848 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 2011/05/03 16:52:12.0172 0848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 2011/05/03 16:52:12.0203 0848 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/03 16:52:12.0235 0848 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys 2011/05/03 16:52:12.0250 0848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/05/03 16:52:12.0281 0848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 2011/05/03 16:52:12.0328 0848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/03 16:52:12.0359 0848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/03 16:52:12.0391 0848 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 2011/05/03 16:52:12.0406 0848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/05/03 16:52:12.0437 0848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/05/03 16:52:12.0484 0848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2011/05/03 16:52:12.0515 0848 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 2011/05/03 16:52:12.0547 0848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 2011/05/03 16:52:12.0578 0848 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 2011/05/03 16:52:12.0609 0848 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/03 16:52:12.0625 0848 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/03 16:52:12.0671 0848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/03 16:52:12.0703 0848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/03 16:52:12.0734 0848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/03 16:52:12.0734 0848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/03 16:52:12.0749 0848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/03 16:52:12.0781 0848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/05/03 16:52:12.0812 0848 MDFSYSNT (2c70290d63eb639da23ed667b9ebdf84) C:\Windows\system32\drivers\MDFSYSNT.sys 2011/05/03 16:52:12.0827 0848 MDPMGRNT (d94d2e968239ce7f01f2cfa503db57e1) C:\Windows\system32\drivers\MDPMGRNT.sys 2011/05/03 16:52:12.0843 0848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/03 16:52:12.0874 0848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/03 16:52:12.0890 0848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/05/03 16:52:12.0905 0848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/03 16:52:12.0937 0848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 2011/05/03 16:52:12.0968 0848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/03 16:52:12.0983 0848 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 2011/05/03 16:52:13.0015 0848 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 2011/05/03 16:52:13.0124 0848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/03 16:52:13.0171 0848 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 2011/05/03 16:52:13.0202 0848 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/03 16:52:13.0249 0848 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/03 16:52:13.0295 0848 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/03 16:52:13.0311 0848 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 2011/05/03 16:52:13.0342 0848 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 2011/05/03 16:52:13.0358 0848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/05/03 16:52:13.0373 0848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/03 16:52:13.0405 0848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/05/03 16:52:13.0420 0848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/03 16:52:13.0436 0848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/03 16:52:13.0451 0848 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/05/03 16:52:13.0483 0848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/05/03 16:52:13.0498 0848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2011/05/03 16:52:13.0529 0848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/05/03 16:52:13.0545 0848 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/03 16:52:13.0576 0848 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/05/03 16:52:13.0592 0848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/03 16:52:13.0623 0848 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 2011/05/03 16:52:13.0654 0848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/03 16:52:13.0685 0848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/03 16:52:13.0701 0848 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/03 16:52:13.0748 0848 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/03 16:52:13.0763 0848 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 2011/05/03 16:52:13.0795 0848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/03 16:52:13.0841 0848 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/03 16:52:13.0888 0848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/03 16:52:13.0935 0848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/05/03 16:52:13.0951 0848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/03 16:52:13.0997 0848 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 2011/05/03 16:52:14.0044 0848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/05/03 16:52:14.0060 0848 nusb3hub (97e06e89e46f51dc34032d1969a1e38c) C:\Windows\system32\DRIVERS\nusb3hub.sys 2011/05/03 16:52:14.0091 0848 nusb3xhc (73ef93526b6b9fa624e6ae5b6f18b937) C:\Windows\system32\DRIVERS\nusb3xhc.sys 2011/05/03 16:52:14.0122 0848 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 2011/05/03 16:52:14.0138 0848 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 2011/05/03 16:52:14.0138 0848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/05/03 16:52:14.0169 0848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/05/03 16:52:14.0200 0848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/05/03 16:52:14.0247 0848 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/05/03 16:52:14.0263 0848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/05/03 16:52:14.0325 0848 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/05/03 16:52:14.0356 0848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/05/03 16:52:14.0387 0848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/03 16:52:14.0403 0848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/05/03 16:52:14.0434 0848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/05/03 16:52:14.0528 0848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/03 16:52:14.0543 0848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/05/03 16:52:14.0621 0848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/03 16:52:14.0684 0848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/03 16:52:14.0731 0848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/03 16:52:14.0746 0848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/03 16:52:14.0762 0848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/03 16:52:14.0793 0848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/03 16:52:14.0809 0848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/03 16:52:14.0840 0848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/03 16:52:14.0855 0848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/03 16:52:14.0887 0848 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/03 16:52:14.0918 0848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/03 16:52:14.0949 0848 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/03 16:52:14.0965 0848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/03 16:52:14.0980 0848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/03 16:52:14.0996 0848 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/05/03 16:52:15.0043 0848 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/05/03 16:52:15.0089 0848 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) D:\Dienstprogramme\RivaTuner\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 2011/05/03 16:52:15.0121 0848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/03 16:52:15.0183 0848 RTL8167 (1a42b4cba44778d312e668cd166cbcbb) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/05/03 16:52:15.0245 0848 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/05/03 16:52:15.0261 0848 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/03 16:52:15.0308 0848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/05/03 16:52:15.0355 0848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/03 16:52:15.0386 0848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/05/03 16:52:15.0417 0848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/03 16:52:15.0448 0848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/05/03 16:52:15.0464 0848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/03 16:52:15.0479 0848 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/03 16:52:15.0495 0848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/03 16:52:15.0542 0848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/05/03 16:52:15.0557 0848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/03 16:52:15.0589 0848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/03 16:52:15.0620 0848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/05/03 16:52:15.0635 0848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/05/03 16:52:15.0698 0848 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/05/03 16:52:15.0698 0848 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/05/03 16:52:15.0698 0848 sptd - detected LockedFile.Multi.Generic (1) 2011/05/03 16:52:15.0729 0848 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys 2011/05/03 16:52:15.0760 0848 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/03 16:52:15.0807 0848 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/03 16:52:15.0838 0848 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/05/03 16:52:15.0854 0848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/03 16:52:15.0885 0848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/05/03 16:52:15.0963 0848 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys 2011/05/03 16:52:16.0025 0848 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/03 16:52:16.0072 0848 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/03 16:52:16.0119 0848 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/05/03 16:52:16.0135 0848 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/05/03 16:52:16.0166 0848 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/03 16:52:16.0181 0848 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 2011/05/03 16:52:16.0244 0848 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/03 16:52:16.0275 0848 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 2011/05/03 16:52:16.0306 0848 ttBudget2 (00a93a97675c8e5eebd2f5155d33be89) C:\Windows\system32\drivers\ttBudget2.sys 2011/05/03 16:52:16.0400 0848 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 2011/05/03 16:52:16.0431 0848 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/03 16:52:16.0462 0848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/03 16:52:16.0493 0848 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/03 16:52:16.0525 0848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/03 16:52:16.0556 0848 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 2011/05/03 16:52:16.0571 0848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/03 16:52:16.0618 0848 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 2011/05/03 16:52:16.0618 0848 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys 2011/05/03 16:52:16.0649 0848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/05/03 16:52:16.0696 0848 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/03 16:52:16.0727 0848 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys 2011/05/03 16:52:16.0759 0848 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/03 16:52:16.0774 0848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/03 16:52:16.0790 0848 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS 2011/05/03 16:52:16.0805 0848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/03 16:52:16.0837 0848 vadspdif (1af6cef0c913bc2b35519e7c72e832d9) C:\Windows\system32\DRIVERS\vadspdif.sys 2011/05/03 16:52:16.0868 0848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/05/03 16:52:16.0899 0848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/03 16:52:16.0915 0848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/05/03 16:52:16.0930 0848 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 2011/05/03 16:52:16.0946 0848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/05/03 16:52:16.0977 0848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/05/03 16:52:16.0977 0848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/05/03 16:52:17.0008 0848 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 2011/05/03 16:52:17.0039 0848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/05/03 16:52:17.0055 0848 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 2011/05/03 16:52:17.0071 0848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/03 16:52:17.0086 0848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/05/03 16:52:17.0149 0848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/03 16:52:17.0164 0848 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/03 16:52:17.0180 0848 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/03 16:52:17.0195 0848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/05/03 16:52:17.0227 0848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/03 16:52:17.0258 0848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/03 16:52:17.0273 0848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/05/03 16:52:17.0336 0848 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/05/03 16:52:17.0367 0848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 2011/05/03 16:52:17.0398 0848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/03 16:52:17.0429 0848 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 2011/05/03 16:52:17.0476 0848 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/03 16:52:17.0570 0848 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) D:\Video_HD\PowerDVD_10\PowerDVD10\NavFilter\000.fcl 2011/05/03 16:52:17.0663 0848 ================================================================================ 2011/05/03 16:52:17.0663 0848 Scan finished 2011/05/03 16:52:17.0663 0848 ================================================================================ 2011/05/03 16:52:17.0679 2504 Detected object count: 1 2011/05/03 16:52:58.0067 2504 LockedFile.Multi.Generic(sptd) - User select action: Skip |
|
04.05.2011, 08:52
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy/WTR /CCC /verschwundene Dateien Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.05.2011, 09:42
| #13 |
| | TR/Kazy/WTR /CCC /verschwundene Dateien Guten Morgen und danke Combofix Logfile: Code:
ATTFilter ComboFix 11-05-03.03 - armin schmid 04.05.2011 10:34:31.4.8 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3582.2764 [GMT 2:00]
ausgeführt von:: c:\users\armin schmid\Desktop\CoFi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-04 bis 2011-05-04 ))))))))))))))))))))))))))))))
.
.
2011-05-04 08:37 . 2011-05-04 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 01:46 . 2011-05-04 05:58 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-03 19:05 . 2011-05-03 19:05 -------- d-----w- c:\program files\Common Files\Java
2011-05-03 05:26 . 2011-05-03 05:26 -------- d-----w- c:\users\armin schmid\AppData\Roaming\Malwarebytes
2011-05-03 05:26 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 05:26 . 2011-05-03 05:26 -------- d-----w- c:\programdata\Malwarebytes
2011-05-03 05:26 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 04:53 . 2011-05-03 04:53 -------- d-----w- c:\programdata\ATI
2011-05-03 04:53 . 2011-05-03 04:53 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-05-03 04:51 . 2011-05-03 04:51 -------- d-----w- c:\program files\ATI
2011-05-02 19:35 . 2011-03-04 14:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-02 19:35 . 2011-03-04 12:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-02 18:11 . 2011-05-02 18:11 -------- d-----w- c:\users\armin schmid\AppData\Roaming\Avira
2011-05-02 18:06 . 2011-05-02 18:06 -------- d-----w- c:\programdata\Avira
2011-05-02 18:06 . 2011-05-02 18:06 -------- d-----w- c:\program files\Avira
2011-04-28 18:44 . 2011-04-28 18:45 -------- d-----w- c:\program files\Google
2011-04-28 18:44 . 2011-04-28 18:44 -------- d-----w- c:\users\armin schmid\AppData\Local\Google
2011-04-24 08:19 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-24 08:19 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-24 08:19 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-24 08:19 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-03 19:04 . 2010-10-04 18:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 15:09 . 2010-10-04 15:54 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-25 15:51 . 2011-02-25 15:51 3584 ----a-r- c:\users\armin schmid\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-02-25 07:58 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YAAC"="c:\program files\Tools&More\YAAC\YAAC.exe" [2004-10-25 327680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"avgnt"="d:\dienstprogramme\AVIRA\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\windows\System32\DriverStore\FileRepository\atiilhag.inf_x86_neutral_1d882551ede2c65b"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cl106232.inf_x86_neutral_885970445255996f"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cw106232.inf_x86_neutral_6cf75ba43cfe598c"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cw112250.inf_x86_neutral_fd10f2c7f2f1a821"="del" [X]
"c:\windows\System32\DriverStore\FileRepository\cw_98768.inf_x86_neutral_a142c167d8a0e4ff"="del" [X]
"c:\windows\winsxs\x86_atiilhag.inf.resources_31bf3856ad364e35_6.1.7600.16385_de-de_a33bc4f3705f38f0"="del" [X]
"c:\windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7600.16385_none_a574bbd4a69c292d"="del" [X]
"c:\windows\winsxs\x86_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_a7a5cf9ca38aacc7"="del" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^armin schmid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CPU-Tweaker.exe.lnk]
path=c:\users\armin schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPU-Tweaker.exe.lnk
backup=c:\windows\pss\CPU-Tweaker.exe.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-03-03 18:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 16:08 963976 ----a-w- d:\dienstprogramme\Malware\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-04-27 02:09 113288 ----a-w- c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\video_hd\PowerDVD_10\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" /auto
"Adobe Reader Speed Launcher"="d:\dienstprogramme\Adobe_Reader\Reader\Reader_sl.exe"
"iTunesHelper"="d:\video_hd\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 MpKsl1db77c7b;MpKsl1db77c7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFA813D4-59DC-4936-A235-D8F3E0BB999C}\MpKsl1db77c7b.sys [x]
R1 MpKsl4f13dc28;MpKsl4f13dc28;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D7EB594-C3D3-41E9-831F-2BAEC59C9391}\MpKsl4f13dc28.sys [x]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\ARMINS~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 B9841371;B9841371;c:\windows\system32\B9841371.exe [x]
R3 cpuz130;cpuz130;c:\users\ARMINS~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 ute1nte4;AVZ Kernel Driver;c:\windows\system32\Drivers\ute1nte4.sys [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive partition driver; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 57800]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/21 19:06];d:\video_hd\PowerDVD_10\PowerDVD10\NavFilter\000.fcl [2010-06-28 20:50 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\dienstprogramme\AVIRA\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-01-07 192512]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-07-27 60800]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-07-27 140672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 ttBudget2;TechnoTrend BDA/DVB (BDA);c:\windows\system32\drivers\ttBudget2.sys [2010-08-22 457472]
S3 vadspdif;vadspdif;c:\windows\system32\DRIVERS\vadspdif.sys [2010-01-28 35512]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\armin schmid\AppData\Roaming\Mozilla\Firefox\Profiles\sj6h9k6k.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\video_hd\PowerDVD_10\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-04 10:38:06
ComboFix-quarantined-files.txt 2011-05-04 08:38
ComboFix2.txt 2011-05-03 09:18
.
Vor Suchlauf: 10 Verzeichnis(se), 43.050.639.360 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 43.000.606.720 Bytes frei
.
- - End Of File - - CDC536921AB41867B8D5B68DF406DC9C
|
|
06.05.2011, 17:14
| #14 |
| | TR/Kazy/WTR /CCC /verschwundene Dateien hi arne Nichts mehr gehört --heisst das alles o.k. |
|
06.05.2011, 18:25
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy/WTR /CCC /verschwundene Dateien Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Kazy/WTR /CCC /verschwundene Dateien |
| adobe, antivir, avg, avira, dateien, defender, firefox, fontcache, frage, home, ics, malware protection, mcafee, microsoft, microsoft security, microsoft security essentials, mozilla, neu, programme, realtek, security, security scan, seite, service.exe, software, sptd.sys, start menu, svchost, system32, tr/kazy, updates, usb, usb 3.0, windows, windows 7 home, windows 7 home premium |
Textbox.
.
Linear-Darstellung
