Pests of all kinds and how to fight them: Antivir Antispyware 2011 (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

10.05.2011, 17:48 | #1
Antivir Antispyware 2011

Hello, "Antivir Antispyware 2011" has sneaked onto my machine. I have now followed the first steps here: http://www.trojaner-board.de/96244-a...entfernen.html Malwarebytes is running right now, but I was already able to remove files with Avira. What should I do now? Here is the Malwarebytes data:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6547

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.05.2011 19:14:04
mbam-log-2011-05-10 (19-14-04).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 292741
Time elapsed: 34 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87sdhfush87fsufhuie3fddf (Trojan.Downloader) -> Value: hsf87sdhfush87fsufhuie3fddf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Downloader) -> Value: hsf87efjhdsf87f3jfsdi7fhsujfd -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qvfdpdxs (Rogue.AntivirusSuite.Gen) -> Value: qvfdpdxs -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Value: AntiVirus AntiSpyware 2011 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiVirus AntiSpyware 2011 Security (Rogue.AntiVirusAntiSpyware2011) -> Value: AntiVirus AntiSpyware 2011 Security -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\***\AppData\Local\Temp\0.4771909221631714.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\0.953419255902395.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\2210565\2853000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\0.3030475837421973.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

And the OTL logs:

OTL Logfile:
OTL logfile created on: 10.05.2011 19:24:38 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,56 Gb Total Space | 384,38 Gb Free Space | 84,19% Space Free | Partition Type: NTFS
Drive D: | 2,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ***-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fc-hansa.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56444

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "fc-hansa.de"
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.6.2
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.25
FF - prefs.js..extensions.enabledItems: {99999999-73df-4e76-b66c-87d3db104b03}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56444
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 14:03:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.01 14:03:20 | 000,000,000 | ---D | M]

[2009.11.11 17:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.05.09 21:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nazp4hsm.default\extensions
[2010.12.07 12:27:42 | 000,000,000 | ---D | M] (PsicoTSI) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nazp4hsm.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2010.12.07 19:41:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nazp4hsm.default\extensions\{99999999-73df-4e76-b66c-87d3db104b03}
[2011.04.02 21:41:00 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nazp4hsm.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2011.04.13 13:29:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nazp4hsm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.11 18:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2011.04.19 16:16:22 | 001,480,192 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2010.10.21 18:01:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.21 18:01:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.21 18:01:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.21 18:01:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.21 18:01:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [TCPSheme] File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://92.51.137.94/objects/NpFv530.dll (Flatcast Viewer 5.3)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.16 14:57:50 | 000,000,154 | R--- | M] () - D:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010.10.05 16:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006.09.11 15:26:42 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d60e3741-ca22-11de-89a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d60e3741-ca22-11de-89a3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2010.10.05 16:53:16 | 000,214,344 | R--- | M] (Sports Interactive)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.10 19:23:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.10 18:36:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.05.10 18:36:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.10 18:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.10 18:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.10 18:36:29 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.10 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.10 18:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Loaris
[2011.05.10 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\2210565
[2011.05.05 23:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.04.27 10:30:34 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.04.27 10:30:33 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.04.27 10:30:32 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.27 10:30:32 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.27 10:30:20 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.04.27 10:30:19 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.04.27 10:30:19 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.04.27 10:30:19 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.04.27 10:30:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.04.27 10:30:19 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.04.27 10:30:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.04.27 10:30:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.04.27 10:30:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.04.15 18:18:10 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.15 18:18:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.15 18:18:09 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.15 18:18:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.15 18:18:09 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.15 18:18:06 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.15 18:18:06 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.15 18:18:06 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.15 18:18:06 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.15 18:18:04 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.15 18:18:04 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.15 18:18:04 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.15 18:18:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.15 18:17:55 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.15 18:17:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.15 18:17:55 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.15 18:17:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.15 18:17:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.15 18:17:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.15 18:17:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.15 18:17:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.15 18:17:55 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.15 18:17:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.15 18:17:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.15 18:17:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.15 18:17:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.15 18:17:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.15 18:17:38 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.15 18:17:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.15 18:17:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.15 18:17:35 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.15 18:17:35 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.15 18:17:35 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.15 18:17:35 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.15 18:17:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.15 18:17:35 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.15 18:17:35 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.15 18:17:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.13 10:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.04.13 10:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010.01.21 21:22:27 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.10 19:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.05.10 19:22:31 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 19:22:31 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 19:19:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.10 19:19:30 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.10 19:19:30 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.10 19:19:30 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.10 19:19:30 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.10 19:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.10 19:15:00 | 535,433,215 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.10 18:36:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 18:14:00 | 000,004,181 | ---- | M] () -- C:\Windows\unins001.dat
[2011.04.27 18:13:35 | 000,715,038 | ---- | M] () -- C:\Windows\unins001.exe
[2011.04.17 10:44:27 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.13 13:30:01 | 000,001,241 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.13 10:31:59 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.10 18:36:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.27 18:13:59 | 000,715,038 | ---- | C] () -- C:\Windows\unins001.exe
[2011.04.13 10:31:59 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.06 18:32:38 | 000,004,181 | ---- | C] () -- C:\Windows\unins001.dat
[2011.03.06 23:13:15 | 000,011,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\17FE.C79
[2011.01.20 22:02:20 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.01.20 22:02:20 | 000,000,875 | ---- | C] () -- C:\Windows\unins000.dat
[2010.12.03 18:05:06 | 000,925,696 | ---- | C] () -- C:\Windows\SysWow64\AxEImage.dll
[2010.12.03 18:05:06 | 000,663,552 | ---- | C] () -- C:\Windows\SysWow64\FreeImage.dll
[2009.11.05 17:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.05 17:51:11 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.05 17:51:11 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.05.10 19:14:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2210565
[2010.01.29 13:01:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich
[2011.04.13 13:29:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.04 09:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EC06E48DEC6922E5542431409FF1A6DD
[2011.01.20 22:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flatcast
[2010.12.03 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.04 17:46:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.02.01 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sports Interactive
[2009.11.14 13:20:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.02.02 11:12:01 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And:

OTL Extras Logfile:
OTL Extras logfile created on: 10.05.2011 19:24:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,56 Gb Total Space | 384,38 Gb Free Space | 84,19% Space Free | Partition Type: NTFS
Drive D: | 2,52 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
< End of report > I'd be glad of further instructions, or is everything OK again now? |
10.05.2011, 20:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 Are there any further Malwarebytes logs? If so, please post all of them that are visible in the Logs tab in Malwarebytes.
__________________
__________________ |
10.05.2011, 20:35 | #3 | |
| Antivir Antispyware 2011 Quote:
|
10.05.2011, 20:37 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 Do an OTL fix: close all programs that may still be open, and also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Note: If you obscured your user name, you must change the starred-out part back into your real user name, otherwise the script won't work!! Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56444
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56444
FF - prefs.js..network.proxy.type: 0
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [TCPSheme] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.16 14:57:50 | 000,000,154 | R--- | M] () - D:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2010.10.05 16:53:16 | 000,214,344 | R--- | M] (Sports Interactive) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006.09.11 15:26:42 | 000,000,027 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{d60e3741-ca22-11de-89a3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d60e3741-ca22-11de-89a3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2010.10.05 16:53:16 | 000,214,344 | R--- | M] (Sports Interactive)
[2011.05.10 17:51:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\2210565
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags |
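An added check, not part of the thread and not OTL's code: it parses the two proxy artifacts the fix above resets (the WinINet ProxyServer value and Firefox's prefs.js) and reports when they point at a loopback proxy, which is how a rogue places itself between the browser and the network. The sample inputs are constructed from the values in the fix script, and all function names are my own.

```python
"""Offline check for the loopback-proxy hijack a rogue AV leaves behind.

Constructed example: the fix script resets an IE ProxyServer value of
"http=127.0.0.1:56444" and the matching Firefox prefs.js entries. A proxy on
the loopback interface, with no legitimate local proxy installed, means
something on the machine sits between the browser and the network.
"""
import re
from ipaddress import ip_address
from typing import Dict, List, Optional

# One Firefox prefs.js line, e.g.  user_pref("network.proxy.http", "127.0.0.1");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample inputs mirroring the values in the fix script.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 56444);
user_pref("network.proxy.type", 0);
"""
SAMPLE_IE_PROXY = "http=127.0.0.1:56444"


def parse_prefs_js(text: str) -> Dict[str, str]:
    """Map pref name -> value for every user_pref() line; strings lose their quotes."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        prefs[name] = value
    return prefs


def parse_ie_proxy_server(value: str) -> Dict[str, str]:
    """Parse a WinINet ProxyServer value: "host:port" (keyed "all" here) or a
    ';'-separated list of "scheme=host:port" entries."""
    proxies: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=")
        if not hostport:  # no '=': the whole part is host:port for every scheme
            scheme, hostport = "all", scheme
        proxies[scheme.strip().lower()] = hostport.strip()
    return proxies


def host_of(hostport: str) -> str:
    """Strip an optional scheme, the port and IPv6 brackets from host:port."""
    hostport = re.sub(r"^[a-z]+://", "", hostport, flags=re.IGNORECASE)
    host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
    return host.strip("[]")


def is_loopback_host(host: str) -> bool:
    """True for 'localhost' or any address in the IPv4/IPv6 loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an address
        return False


def check_ie_proxy(proxy_server: Optional[str], proxy_enable: int = 1) -> List[str]:
    """Findings for the IE/WinINet ProxyServer value; an empty list means clean."""
    findings: List[str] = []
    if not proxy_server:
        return findings
    state = "enabled" if proxy_enable else "configured but disabled"
    for scheme, hostport in parse_ie_proxy_server(proxy_server).items():
        if is_loopback_host(host_of(hostport)):
            findings.append(f"IE proxy for {scheme} points at loopback ({hostport}), {state}")
    return findings


def check_firefox_prefs(prefs_js_text: str) -> List[str]:
    """Findings for a Firefox prefs.js; reported even when network.proxy.type
    is not 1 (manual), since the leftover setting is itself evidence."""
    findings: List[str] = []
    prefs = parse_prefs_js(prefs_js_text)
    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type", "5")  # Firefox default: use system proxy
    if host and is_loopback_host(host):
        state = "active" if ptype == "1" else f"set but network.proxy.type is {ptype}"
        findings.append(f"Firefox HTTP proxy points at loopback ({host}:{port}), {state}")
    return findings


if __name__ == "__main__":
    for finding in check_ie_proxy(SAMPLE_IE_PROXY) + check_firefox_prefs(SAMPLE_PREFS_JS):
        print(finding)
```

On a live machine the ProxyServer/ProxyEnable values come from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and prefs.js from the Firefox profile folder; a loopback finding is only meaningful when no local proxy or filtering product is intentionally installed.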
10.05.2011, 20:47 | #5 |
| Antivir Antispyware 2011 This is what came out:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56444 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TCPSheme deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\autorun.cfg scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d60e3741-ca22-11de-89a3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d60e3741-ca22-11de-89a3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d60e3741-ca22-11de-89a3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d60e3741-ca22-11de-89a3-806e6f6e6963}\ not found.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
C:\Users\***\AppData\Roaming\2210565 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 80506686 bytes
->Temporary Internet Files folder emptied: 56254569 bytes
->Java cache emptied: 99211514 bytes
->FireFox cache emptied: 88996155 bytes
->Flash cache emptied: 394549 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35722673 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 259661156 bytes
Total Files Cleaned = 594,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05102011_214119
Files\Folders moved on Reboot...
File move failed. D:\autorun.cfg scheduled to be moved on reboot.
File move failed. D:\autorun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
10.05.2011, 21:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Run the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as Administrator via right-click!
__________________ --> Antivir Antispyware 2011 |
10.05.2011, 21:14 | #7 |
| Antivir Antispyware 2011 There are no problems with My Documents/Documents. The tool tells me that nothing was found. Here is the log:
2011/05/10 22:11:17.0208 4704 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 22:11:17.0365 4704 ================================================================================
2011/05/10 22:11:17.0365 4704 SystemInfo:
2011/05/10 22:11:17.0365 4704
2011/05/10 22:11:17.0365 4704 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/10 22:11:17.0365 4704 Product type: Workstation
2011/05/10 22:11:17.0365 4704 ComputerName: ***-PC
2011/05/10 22:11:17.0365 4704 UserName: ***
2011/05/10 22:11:17.0365 4704 Windows directory: C:\Windows
2011/05/10 22:11:17.0365 4704 System windows directory: C:\Windows
2011/05/10 22:11:17.0365 4704 Running under WOW64
2011/05/10 22:11:17.0365 4704 Processor architecture: Intel x64
2011/05/10 22:11:17.0365 4704 Number of processors: 4
2011/05/10 22:11:17.0365 4704 Page size: 0x1000
2011/05/10 22:11:17.0365 4704 Boot type: Normal boot
2011/05/10 22:11:17.0365 4704 ================================================================================
2011/05/10 22:11:17.0592 4704 Initialize success
2011/05/10 22:11:28.0685 2880 ================================================================================
2011/05/10 22:11:28.0685 2880 Scan started
2011/05/10 22:11:28.0685 2880 Mode: Manual;
2011/05/10 22:11:28.0685 2880 ================================================================================
KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/10 22:11:33.0372 2880 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/10 22:11:33.0395 2880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/05/10 22:11:33.0454 2880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/10 22:11:33.0509 2880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/10 22:11:33.0527 2880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/10 22:11:33.0557 2880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/10 22:11:33.0590 2880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/10 22:11:33.0625 2880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/05/10 22:11:33.0659 2880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/10 22:11:33.0683 2880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/10 22:11:33.0722 2880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/05/10 22:11:33.0759 2880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/10 22:11:33.0774 2880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/10 22:11:33.0803 2880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/10 22:11:33.0826 2880 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/05/10 22:11:33.0868 2880 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/05/10 22:11:33.0895 2880 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/10 
22:11:33.0928 2880 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/10 22:11:33.0976 2880 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/10 22:11:34.0006 2880 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/10 22:11:34.0049 2880 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/10 22:11:34.0075 2880 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/05/10 22:11:34.0112 2880 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/05/10 22:11:34.0152 2880 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/05/10 22:11:34.0174 2880 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/10 22:11:34.0196 2880 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/05/10 22:11:34.0238 2880 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/10 22:11:34.0251 2880 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/10 22:11:34.0267 2880 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/05/10 22:11:34.0316 2880 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/05/10 22:11:34.0358 2880 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/10 22:11:34.0383 2880 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/05/10 22:11:34.0396 2880 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/10 22:11:34.0434 2880 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/05/10 22:11:34.0468 2880 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) 
C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/10 22:11:34.0521 2880 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/05/10 22:11:34.0567 2880 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/10 22:11:34.0605 2880 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/10 22:11:34.0636 2880 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/10 22:11:34.0669 2880 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/10 22:11:34.0693 2880 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/05/10 22:11:34.0713 2880 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/10 22:11:34.0742 2880 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/10 22:11:34.0797 2880 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/10 22:11:34.0829 2880 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/05/10 22:11:34.0851 2880 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/10 22:11:34.0914 2880 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 2011/05/10 22:11:34.0983 2880 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/05/10 22:11:35.0015 2880 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 2011/05/10 22:11:35.0049 2880 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 2011/05/10 22:11:35.0082 2880 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/05/10 22:11:35.0123 2880 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/10 22:11:35.0171 2880 Parport 
(0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/05/10 22:11:35.0195 2880 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/05/10 22:11:35.0223 2880 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/05/10 22:11:35.0240 2880 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/05/10 22:11:35.0265 2880 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/10 22:11:35.0297 2880 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/05/10 22:11:35.0326 2880 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/05/10 22:11:35.0442 2880 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/10 22:11:35.0473 2880 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/05/10 22:11:35.0521 2880 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/10 22:11:35.0554 2880 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 2011/05/10 22:11:35.0603 2880 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/10 22:11:35.0670 2880 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/10 22:11:35.0700 2880 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/10 22:11:35.0728 2880 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/10 22:11:35.0758 2880 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/10 22:11:35.0789 2880 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/10 22:11:35.0820 2880 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/10 
22:11:35.0844 2880 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/10 22:11:35.0884 2880 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/10 22:11:35.0919 2880 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/10 22:11:35.0939 2880 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/10 22:11:35.0978 2880 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2011/05/10 22:11:36.0003 2880 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/10 22:11:36.0035 2880 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/10 22:11:36.0062 2880 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/05/10 22:11:36.0098 2880 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/05/10 22:11:36.0165 2880 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/05/10 22:11:36.0210 2880 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/10 22:11:36.0247 2880 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/05/10 22:11:36.0269 2880 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/05/10 22:11:36.0296 2880 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/05/10 22:11:36.0331 2880 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/10 22:11:36.0388 2880 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/10 22:11:36.0421 2880 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/10 22:11:36.0442 2880 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) 
C:\Windows\system32\DRIVERS\serial.sys 2011/05/10 22:11:36.0458 2880 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/10 22:11:36.0502 2880 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/05/10 22:11:36.0526 2880 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/05/10 22:11:36.0543 2880 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/05/10 22:11:36.0568 2880 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/10 22:11:36.0621 2880 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/10 22:11:36.0650 2880 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/10 22:11:36.0686 2880 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/05/10 22:11:36.0728 2880 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/05/10 22:11:36.0804 2880 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 2011/05/10 22:11:36.0858 2880 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/10 22:11:36.0913 2880 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/10 22:11:36.0958 2880 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/10 22:11:36.0994 2880 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/05/10 22:11:37.0026 2880 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2011/05/10 22:11:37.0050 2880 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/10 22:11:37.0130 2880 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/05/10 22:11:37.0214 2880 TCPIP6 
(90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/10 22:11:37.0248 2880 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/10 22:11:37.0279 2880 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/05/10 22:11:37.0302 2880 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/05/10 22:11:37.0334 2880 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/10 22:11:37.0352 2880 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/10 22:11:37.0404 2880 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/10 22:11:37.0444 2880 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/10 22:11:37.0472 2880 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/10 22:11:37.0502 2880 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/10 22:11:37.0550 2880 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/05/10 22:11:37.0583 2880 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/10 22:11:37.0610 2880 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/10 22:11:37.0647 2880 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/10 22:11:37.0681 2880 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/05/10 22:11:37.0705 2880 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/10 22:11:37.0739 2880 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/10 22:11:37.0777 2880 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/10 22:11:37.0801 2880 
usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/10 22:11:37.0836 2880 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/10 22:11:37.0899 2880 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS 2011/05/10 22:11:37.0915 2880 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/10 22:11:37.0943 2880 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/10 22:11:37.0976 2880 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/10 22:11:38.0002 2880 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/10 22:11:38.0028 2880 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/10 22:11:38.0061 2880 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/10 22:11:38.0101 2880 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/05/10 22:11:38.0129 2880 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/05/10 22:11:38.0160 2880 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/10 22:11:38.0192 2880 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/05/10 22:11:38.0217 2880 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/05/10 22:11:38.0262 2880 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/10 22:11:38.0288 2880 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/05/10 22:11:38.0323 2880 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/10 22:11:38.0353 2880 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 
2011/05/10 22:11:38.0367 2880 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/10 22:11:38.0412 2880 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/10 22:11:38.0444 2880 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/10 22:11:38.0516 2880 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/10 22:11:38.0552 2880 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/05/10 22:11:38.0578 2880 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/10 22:11:38.0663 2880 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/10 22:11:38.0706 2880 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/10 22:11:38.0750 2880 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/05/10 22:11:38.0786 2880 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/10 22:11:38.0840 2880 ================================================================================ 2011/05/10 22:11:38.0840 2880 Scan finished 2011/05/10 22:11:38.0840 2880 ================================================================================ |
10.05.2011, 21:29 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
10.05.2011, 21:51 | #9 |
| Antivir Antispyware 2011 So, this is what came out: ComboFix logfile: Code:
ATTFilter ComboFix 11-05-09.03 - *** 10.05.2011 22:44:10.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.6142.4629 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-10 bis 2011-05-10 )))))))))))))))))))))))))))))) . . 2011-05-10 20:47 . 2011-05-10 20:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-10 20:38 . 2011-05-10 20:38 -------- d-----w- c:\program files\CCleaner 2011-05-10 19:41 . 2011-05-10 19:41 -------- d-----w- C:\_OTL 2011-05-10 16:36 . 2011-05-10 16:36 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-05-10 16:36 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-05-10 16:36 . 2011-05-10 16:36 -------- d-----w- c:\programdata\Malwarebytes 2011-05-10 16:36 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 16:36 . 2011-05-10 16:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-05-10 16:03 . 2011-05-10 16:03 -------- d-----w- c:\program files (x86)\Loaris 2011-05-10 15:19 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F8EA36D-2CAC-4DD4-B43F-F0D60FA1B0E6}\mpengine.dll 2011-04-27 16:13 . 2011-04-27 16:13 715038 ----a-w- c:\windows\unins001.exe 2011-04-15 16:18 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-09 16:55 . 
2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll 2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll 2011-03-04 06:17 . 2011-04-27 08:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-27 08:30 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-03-01 17:20 . 2011-02-13 10:52 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-19 06:37 . 2011-03-09 09:04 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-09 09:04 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-09 09:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-09 09:04 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 2011-03-09 09:04 739840 ----a-w- c:\windows\SysWow64\d2d1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-11-05 148888] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-14 98304] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 140520] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-18 494064] "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-01 281768] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - KLMD25 *Deregistered* - klmd25 . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://fc-hansa.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to Mp3 Converter - c:\users\Jonas Giesen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} - hxxp://92.51.137.94/objects/NpFv530.dll FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nazp4hsm.default\ FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu FF - prefs.js: browser.startup.homepage - fc-hansa.de FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: FoxTrick: {9d1f059c-cada-4111-9696-41a62d64e3ba} - %profile%\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} FF - Ext: PsicoTSI: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B} - %profile%\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-WinLiveSuite_Wave3 - c:\program files (x86)\Windows Live\Installer\wlarp.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-05-10 22:48:46 ComboFix-quarantined-files.txt 2011-05-10 20:48 . Vor Suchlauf: 14 Verzeichnis(se), 412.822.814.720 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 412.702.142.464 Bytes frei . - - End Of File - - 849B6F58132B8EB5B93C2634B3915ACD |
10.05.2011, 21:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 Now please create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
10.05.2011, 22:12 | #11 |
| Antivir Antispyware 2011 GMER logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net Rootkit scan 2011-05-10 23:09:28 Windows 6.1.7600 Running: u17x5zd4.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507316 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd507316@0026680ed58d 0x71 0x8A 0x6E 0x7E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507316 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd507316@0026680ed58d 0x71 0x8A 0x6E 0x7E ... ---- EOF - GMER 1.0.15 ---- MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 64-bit Base Board Manufacturer: Dell Inc. BIOS Manufacturer: Dell Inc. System Manufacturer: Dell Inc. System Product Name: Inspiron 545 Logical Drives Mask: 0x000000fc Kernel Drivers (total 148): 0x0301D000 \SystemRoot\system32\ntoskrnl.exe 0x035FA000 \SystemRoot\system32\hal.dll 0x00B98000 \SystemRoot\system32\kdcom.dll 0x00CF2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D36000 \SystemRoot\system32\PSHED.dll 0x00D4A000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00EB2000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F56000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00F65000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x00FBC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x00FC5000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys 0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00E40000 \SystemRoot\System32\drivers\partmgr.sys 0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x010AD000 \SystemRoot\System32\drivers\volmgrx.sys 0x01109000 \SystemRoot\system32\DRIVERS\pciide.sys 0x01110000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x01120000 \SystemRoot\System32\drivers\mountmgr.sys 0x0113A000 \SystemRoot\system32\DRIVERS\atapi.sys 0x01143000 \SystemRoot\system32\DRIVERS\ataport.SYS 
0x0116D000 \SystemRoot\system32\drivers\amdxata.sys 0x01178000 \SystemRoot\system32\drivers\fltmgr.sys 0x011C4000 \SystemRoot\system32\drivers\fileinfo.sys 0x011D8000 \SystemRoot\System32\Drivers\PxHlpa64.sys 0x01208000 \SystemRoot\System32\Drivers\Ntfs.sys 0x01000000 \SystemRoot\System32\Drivers\msrpc.sys 0x013AA000 \SystemRoot\System32\Drivers\ksecdd.sys 0x014FD000 \SystemRoot\System32\Drivers\cng.sys 0x01570000 \SystemRoot\System32\drivers\pcw.sys 0x01581000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x01400000 \SystemRoot\system32\drivers\ndis.sys 0x0158B000 \SystemRoot\system32\drivers\NETIO.SYS 0x013C4000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x015EB000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x0105E000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x014F2000 \SystemRoot\System32\Drivers\spldr.sys 0x00E6A000 \SystemRoot\System32\drivers\rdyboost.sys 0x011E4000 \SystemRoot\System32\Drivers\mup.sys 0x013EF000 \SystemRoot\System32\drivers\hwpolicy.sys 0x00DA8000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x00FCF000 \SystemRoot\system32\DRIVERS\disk.sys 0x00CC0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x0287E000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x028A8000 \SystemRoot\System32\Drivers\Null.SYS 0x028B1000 \SystemRoot\System32\Drivers\Beep.SYS 0x028B8000 \SystemRoot\System32\drivers\vga.sys 0x028C6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x028EB000 \SystemRoot\System32\drivers\watchdog.sys 0x028FB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x02904000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0290D000 \SystemRoot\system32\drivers\rdprefmp.sys 0x02916000 \SystemRoot\System32\Drivers\Msfs.SYS 0x02921000 \SystemRoot\System32\Drivers\Npfs.SYS 0x03A01000 \SystemRoot\System32\drivers\tcpip.sys 0x02932000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0297C000 \SystemRoot\system32\DRIVERS\tdx.sys 0x0299A000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x029A7000 \SystemRoot\System32\DRIVERS\netbt.sys 0x03C4E000 \SystemRoot\system32\drivers\afd.sys 0x03CD8000 
\SystemRoot\system32\DRIVERS\wfplwf.sys 0x03CE1000 \SystemRoot\system32\DRIVERS\pacer.sys 0x03D07000 \SystemRoot\system32\DRIVERS\netbios.sys 0x03D16000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x03D31000 \SystemRoot\system32\DRIVERS\termdd.sys 0x03D45000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x03D96000 \SystemRoot\system32\drivers\nsiproxy.sys 0x03DA2000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x03DAD000 \SystemRoot\System32\drivers\discache.sys 0x03EC6000 \SystemRoot\system32\drivers\csc.sys 0x03F49000 \SystemRoot\System32\Drivers\dfsc.sys 0x03F67000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03F78000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x03F9A000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03FC0000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x04461000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x04A77000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04B6B000 \SystemRoot\System32\drivers\dxgmms1.sys 0x04BB1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x04BD5000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x04400000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04BE2000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x03E00000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x03E39000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x03E49000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03E5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x04BF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03E83000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03FD6000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x03DBC000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x03DDD000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04456000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x03FF1000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x03EB2000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x03EC1000 \SystemRoot\system32\DRIVERS\swenum.sys 0x03C00000 \SystemRoot\system32\DRIVERS\ks.sys 0x029EC000 \SystemRoot\system32\DRIVERS\umbus.sys 0x02800000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x0285A000 
\SystemRoot\System32\Drivers\NDProxy.SYS 0x056D9000 \SystemRoot\system32\drivers\HdAudio.sys 0x05735000 \SystemRoot\system32\drivers\portcls.sys 0x05772000 \SystemRoot\system32\drivers\drmk.sys 0x05794000 \SystemRoot\system32\drivers\ksthunk.sys 0x05837000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x059E5000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x05800000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x05819000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x05822000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x000E0000 \SystemRoot\System32\win32k.sys 0x05824000 \SystemRoot\System32\drivers\Dxapi.sys 0x0579A000 \SystemRoot\system32\DRIVERS\udfs.sys 0x057EE000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x05600000 \SystemRoot\system32\drivers\USBSTOR.SYS 0x059F3000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0561B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x05629000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x05635000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x0563E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x05651000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00440000 \SystemRoot\System32\TSDDD.dll 0x00680000 \SystemRoot\System32\cdd.dll 0x0565F000 \SystemRoot\system32\drivers\luafv.sys 0x05682000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x0569F000 \SystemRoot\system32\drivers\WudfPf.sys 0x056C0000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x00FE5000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0368E000 \SystemRoot\system32\drivers\HTTP.sys 0x03756000 \SystemRoot\system32\DRIVERS\bowser.sys 0x03774000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0378C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x03600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0364E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x05E0B000 \SystemRoot\system32\drivers\peauth.sys 0x05EB1000 \SystemRoot\System32\Drivers\secdrv.SYS 0x05EBC000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x05EE9000 \SystemRoot\System32\drivers\tcpipreg.sys 0x05EFB000 \SystemRoot\System32\DRIVERS\srv2.sys 0x05F62000 
\SystemRoot\System32\DRIVERS\srv.sys 0x037B9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x07E0B000 \SystemRoot\System32\Drivers\fastfat.SYS 0x07EB2000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x07EDB000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x771F0000 \Windows\System32\ntdll.dll 0x47950000 \Windows\System32\smss.exe 0xFF510000 \Windows\System32\apisetschema.dll 0xFFE10000 \Windows\System32\autochk.exe 0xFF490000 \Windows\System32\gdi32.dll Processes (total 63): 0 System Idle Process 4 System 276 C:\Windows\System32\smss.exe 408 csrss.exe 460 C:\Windows\System32\wininit.exe 480 csrss.exe 516 C:\Windows\System32\services.exe 556 C:\Windows\System32\winlogon.exe 568 C:\Windows\System32\lsass.exe 576 C:\Windows\System32\lsm.exe 692 C:\Windows\System32\svchost.exe 808 C:\Windows\System32\svchost.exe 872 C:\Windows\System32\atiesrxx.exe 936 C:\Windows\System32\svchost.exe 980 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\svchost.exe 1032 C:\Windows\System32\svchost.exe 1096 C:\Program Files\Dell\DellDock\DockLogin.exe 1116 C:\Windows\System32\atieclxx.exe 1232 C:\Windows\System32\svchost.exe 1352 C:\Windows\System32\spoolsv.exe 1380 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1400 C:\Windows\System32\svchost.exe 1580 C:\Windows\System32\taskhost.exe 1636 C:\Windows\System32\dwm.exe 1656 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 1700 C:\Windows\explorer.exe 1716 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1896 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2008 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe 2032 C:\Windows\System32\svchost.exe 1544 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1932 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 1960 C:\Windows\System32\conhost.exe 2300 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2448 C:\Windows\System32\SearchIndexer.exe 2656 WUDFHost.exe 2504 C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe 2520 C:\Program Files (x86)\Java\jre6\bin\jusched.exe 2260 C:\Program Files\Dell\DellDock\DellDock.exe 1104 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 2792 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe 2856 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe 2844 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe 2812 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 3092 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3248 C:\Windows\System32\svchost.exe 3512 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3752 C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe 2508 C:\Program Files\Windows Media Player\wmpnetwk.exe 3360 C:\Windows\System32\svchost.exe 5004 dllhost.exe 4936 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 252 C:\Windows\System32\svchost.exe 3044 C:\Program Files (x86)\Java\jre6\bin\jucheck.exe 3664 C:\Windows\System32\audiodg.exe 2840 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 4764 taskhost.exe 4676 C:\Windows\System32\SearchProtocolHost.exe 2340 C:\Windows\System32\SearchFilterHost.exe 4132 C:\Users\Jonas Giesen\Downloads\MBRCheck.exe 724 C:\Windows\System32\conhost.exe 1836 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`4cd00000 (NTFS) PhysicalDrive0 Model Number: WDCWD5000AAKS-75A7B2, Rev: 01.03B01 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
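The verdict on a log like the one above rests on the per-drive MBR table MBRCheck prints at the end. The following is an added example, not part of this thread and not MBRCheck's own code: it parses that table and flags any disk whose boot sector is not reported as a known Windows MBR. The PhysicalDrive0 rows are the ones from the log; the second disk, the "Unknown MBR code" status and the XP/Vista status strings are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the PhysicalDrive0 rows are the ones from the log above;
# PhysicalDrive1 is an invented second disk with an unrecognised boot sector.
SAMPLE_LOG = """\
Size  Device Name          MBR Status
--------------------------------------------
465 GB  \\\\.\\PhysicalDrive0  Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
  8 GB  \\\\.\\PhysicalDrive1  Unknown MBR code
    SHA1: 0123456789ABCDEF0123456789ABCDEF01234567

Done!
"""

DRIVE_RE = re.compile(r"^\s*(\d+)\s*GB\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# Assumption: a known-good boot sector is reported with one of these strings;
# any other status (e.g. "Unknown MBR code") is flagged for a manual look.
KNOWN_GOOD_RE = re.compile(r"^Windows (?:XP|Vista|7) MBR code detected$")


@dataclass
class DriveMbr:
    size_gb: int
    device: str
    status: str
    sha1: Optional[str] = None  # hash MBRCheck prints for that drive's MBR

    @property
    def needs_review(self) -> bool:
        return KNOWN_GOOD_RE.match(self.status) is None


def parse_mbrcheck(log: str) -> List[DriveMbr]:
    """Collect each '<size> GB <device> <status>' row and the SHA1 line under it."""
    drives: List[DriveMbr] = []
    for line in log.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            drives.append(DriveMbr(int(m.group(1)), m.group(2), m.group(3)))
        elif (m := SHA1_RE.match(line)) and drives and drives[-1].sha1 is None:
            drives[-1].sha1 = m.group(1).upper()
    return drives


def drives_needing_review(log: str) -> List[str]:
    """Device names whose MBR status is not a recognised Windows MBR."""
    return [d.device for d in parse_mbrcheck(log) if d.needs_review]
```

The SHA1 is kept on each record so a flagged drive's boot sector hash can be compared against a known-good image rather than judged from the status string alone.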
10.05.2011, 22:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
11.05.2011, 00:09 | #13 |
| Antivir Antispyware 2011 Thank you very much for your help. Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6548

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.05.2011 23:49:27
mbam-log-2011-05-10 (23-49-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 290884
Laufzeit: 31 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/11/2011 at 01:07 AM

Application Version : 4.52.1000

Core Rules Database Version : 7028
Trace Rules Database Version: 4840

Scan type : Complete Scan
Total Scan Time : 01:13:15

Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 13939
Registry threats detected : 0
File items scanned : 148766
File threats detected : 0
|
11.05.2011, 09:19 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir Antispyware 2011 No findings. Is the computer OK again?
__________________ Please always post logfiles in CODE tags |
11.05.2011, 16:19 | #15 |
| Antivir Antispyware 2011 Even I could tell that from the last logs. Thanks again, I haven't noticed anything unusual on the computer so far. |