|
Plagegeister aller Art und deren Bekämpfung: Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.05.2011, 13:42 | #1 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Hallo! Ich habe vorgestern via AntiVir 3 Trojaner mit den folgenden Namen: 'TR/Spy.SpyEyes.hbk' 'EXP/2010-4452.D' 'TR/Spy.SpyEyes.hby' auf meinem Netbook gefunden. Ich wurde beim Online-Banking aufgefordert 50 TANs einzugeben, habe das Online-Konto sofort sperren lassen. Ich habe Load.exe ausgeführt und den Text von OTL und Extras unten beigefügt. Der Scan von Gamer hat leider nicht vollständig funktioniert, daher konnte ich auch die nötige Textdatei nicht beifügen. Problem: während dem Scan verschwand die Maus und das Netbook ist abgestürzt. Musste dann neustarten und habe es insgesamt 4 mal versucht, immer mit dem selben Resultat. Dieses Netbook besitzt kein CD-Rom Laufwerk. Wie kann ich ein Samsung NC10 Plus formatieren? System-Wiederherstellung ist nicht ausreichend, ich möchte komplett formatieren. Ich hoffe, ihr könnt mir weiterhelfen! Vielen Dank im Voraus, Alexa85 OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 5/10/2011 7:44:10 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alexa\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,013.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 15.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85.00 Gb Total Space | 56.12 Gb Free Space | 66.02% Space Free | Partition Type: NTFS Drive D: | 127.79 Gb Total Space | 4.71 Gb Free Space | 3.69% Space Free | Partition Type: NTFS Computer Name: ALEXA-PC | User Name: Alexa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/10 19:27:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe PRC - [2011/05/02 09:03:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/04/27 19:03:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/03/17 09:23:57 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/12/07 00:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2010/08/02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/06/03 04:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe PRC - [2010/05/11 17:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid\Vid.exe PRC - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/04/07 20:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010/03/25 21:44:26 | 001,891,720 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe PRC - [2010/03/24 06:12:58 | 001,599,880 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2010/01/14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/09/30 08:59:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009/06/09 10:56:00 | 000,099,632 | ---- | M] () -- C:\Program Files\Stardock\MyColors\WBVista.exe PRC - [2009/06/09 10:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe ========== Modules (SafeList) ========== MOD - [2011/05/10 19:27:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe MOD - [2010/11/14 20:30:26 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010/02/12 01:14:38 | 000,271,752 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDApix.dll MOD - [2009/06/10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll ========== Win32 Services (SafeList) ========== SRV - [2011/04/27 19:03:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/17 09:23:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/06/09 10:55:58 | 000,230,704 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds) ========== Driver Services (SafeList) ========== DRV - [2011/03/17 09:23:57 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010/11/22 23:39:20 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/11/12 19:22:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/08/11 16:16:10 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport) DRV - [2010/07/27 09:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC) DRV - [2010/07/27 09:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010/06/17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 09:03:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/02 09:03:14 | 000,000,000 | ---D | M] [2010/11/12 16:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\mozilla\Extensions [2011/05/09 21:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions [2010/12/27 10:06:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/02/15 23:47:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/02/15 23:47:09 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Alexa\AppData\Roaming\mozilla\Firefox\Profiles\oybokiiu.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2011/01/28 02:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/11/12 17:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/01/28 02:48:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/12/07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011/03/08 15:13:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/03/08 15:13:17 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/03/08 15:13:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/03/08 15:13:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/03/08 15:13:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe (Logitech Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alexa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.206.100.126 129.206.210.127 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found ========== Files/Folders - Created Within 30 Days ========== [2011/05/10 19:39:31 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2011/05/10 19:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011/05/10 19:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011/05/10 19:27:34 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Alexa\Desktop\Erunt-setup.exe [2011/05/10 19:27:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe [2011/05/10 19:27:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alexa\Desktop\TFC.exe [2011/05/09 20:35:06 | 000,000,000 | ---D | C] -- C:\Users\Alexa\Desktop\Vwl [1 C:\Users\Alexa\Desktop\*.tmp files -> C:\Users\Alexa\Desktop\*.tmp -> ] [1 C:\Users\Alexa\*.tmp files -> C:\Users\Alexa\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/05/10 19:42:01 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/10 19:42:01 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/10 19:38:09 | 000,000,894 | ---- | M] () -- C:\Users\Alexa\Desktop\NTREGOPT.lnk [2011/05/10 19:38:09 | 000,000,875 | ---- | M] () -- C:\Users\Alexa\Desktop\ERUNT.lnk [2011/05/10 19:34:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/05/10 19:33:53 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys [2011/05/10 19:28:05 | 000,302,080 | ---- | M] () -- C:\Users\Alexa\Desktop\g2m3e4r.exe [2011/05/10 19:28:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Alexa\Desktop\Erunt-setup.exe [2011/05/10 19:27:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\TFC.exe [2011/05/10 19:27:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Alexa\Desktop\OTL.exe [2011/05/10 18:15:44 | 000,010,472 | ---- | M] () -- C:\Users\Alexa\Desktop\stundenplan neu.pdf [2011/05/09 20:37:19 | 000,071,159 | ---- | M] () -- C:\Users\Alexa\Desktop\ueb3final_neu_.pdf [2011/04/29 23:24:57 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/04/29 23:24:57 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/04/29 23:24:57 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/04/29 23:24:57 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/04/15 08:48:22 | 000,403,712 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [1 C:\Users\Alexa\Desktop\*.tmp files -> C:\Users\Alexa\Desktop\*.tmp -> ] [1 C:\Users\Alexa\*.tmp files -> C:\Users\Alexa\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/05/10 19:38:09 | 000,000,894 | ---- | C] () -- C:\Users\Alexa\Desktop\NTREGOPT.lnk [2011/05/10 19:38:09 | 000,000,875 | ---- | C] () -- C:\Users\Alexa\Desktop\ERUNT.lnk [2011/05/10 19:27:35 | 000,302,080 | ---- | C] () -- C:\Users\Alexa\Desktop\g2m3e4r.exe [2011/05/10 18:15:44 | 000,010,472 | ---- | C] () -- C:\Users\Alexa\Desktop\stundenplan neu.pdf [2011/05/09 20:37:19 | 000,071,159 | ---- | C] () -- C:\Users\Alexa\Desktop\ueb3final_neu_.pdf [2010/11/14 15:58:38 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2010/11/12 16:51:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/11/12 16:22:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/07/27 09:03:20 | 010,829,656 | ---- | C] () -- C:\windows\System32\LogiDPP.dll [2010/07/27 09:03:20 | 000,102,744 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe [2010/07/27 09:03:18 | 000,290,648 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll [2010/07/27 08:56:04 | 000,090,411 | ---- | C] () -- C:\windows\System32\lvcoinst.ini [2010/06/17 23:03:52 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat [2010/06/17 23:03:52 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2010/06/17 23:03:52 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2010/06/17 23:03:52 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2010/06/17 06:43:56 | 000,001,670 | ---- | C] () -- C:\windows\HotFixList.ini [2010/06/17 06:36:01 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll [2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll [2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys [2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,403,712 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2009/06/09 10:55:58 | 000,057,904 | ---- | C] () -- C:\windows\System32\wbload.dll ========== LOP Check ========== [2010/11/12 19:49:55 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\DAEMON Tools Lite [2010/12/27 10:06:58 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\DVDVideoSoftIEHelpers [2010/11/18 17:25:48 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Leadertech [2011/04/17 10:55:00 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\Spotify [2011/02/03 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\Alexa\AppData\Roaming\TeamViewer [2011/04/20 16:34:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010/11/12 16:39:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/06/17 06:31:16 | 000,000,000 | ---D | M] -- C:\Intel [2010/11/12 20:12:04 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/05/10 19:38:08 | 000,000,000 | R--D | M] -- C:\Program Files [2011/02/02 16:37:32 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/02/12 17:45:33 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/05/09 21:33:56 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2011/05/10 09:55:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/11/12 16:15:23 | 000,000,000 | R--D | M] -- C:\Users [2011/05/10 19:39:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-10 07:56:11 < > < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 5/10/2011 7:44:10 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Alexa\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,013.00 Mb Total Physical Memory | 150.00 Mb Available Physical Memory | 15.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 85.00 Gb Total Space | 56.12 Gb Free Space | 66.02% Space Free | Partition Type: NTFS Drive D: | 127.79 Gb Total Space | 4.71 Gb Free Space | 3.69% Space Free | Partition Type: NTFS Computer Name: ALEXA-PC | User Name: Alexa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch "{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290 "{B1BFDF6B-3C03-46fe-B5D7-BABB0063D8E0}" = pdfforge Toolbar v4.1 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL "ENTERPRISE" = Microsoft Office Enterprise 2007 "ERUNT_is1" = ERUNT 1.1j "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "JDownloader" = JDownloader "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "phase-6" = phase-6 2.1.1.3a "Spotify" = Spotify "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/7/2011 4:06:23 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13619 Error - 5/7/2011 4:06:23 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13619 Error - 5/7/2011 6:02:49 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/7/2011 6:02:49 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1779 Error - 5/7/2011 6:02:49 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1779 Error - 5/7/2011 6:02:50 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/7/2011 6:02:50 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3151 Error - 5/7/2011 6:02:50 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3151 Error - 5/7/2011 6:02:52 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 5/7/2011 6:02:52 AM | Computer Name = Alexa-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4977 [ OSession Events ] Error - 11/13/2010 4:49:22 PM | Computer Name = Alexa-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1811 seconds with 420 seconds of active time. This session ended with a crash. [ System Events ] Error - 3/25/2011 7:47:21 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.49.87 registriert werden. Der Computer mit IP-Adresse 129.206.15.208 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 7:47:21 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.49.87 registriert werden. Der Computer mit IP-Adresse 129.206.15.208 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 7:48:16 AM | Computer Name = Alexa-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{FFEF1639-F18D-4A45-8CFA-1A45C90CFC61} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 3/25/2011 7:48:16 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.13.122 registriert werden. Der Computer mit IP-Adresse 129.206.15.208 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 7:48:16 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.13.122 registriert werden. Der Computer mit IP-Adresse 129.206.15.208 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 7:49:41 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.13.122 registriert werden. Der Computer mit IP-Adresse 129.206.15.208 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 10:47:28 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.13.82 registriert werden. Der Computer mit IP-Adresse 129.206.15.144 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 10:47:33 AM | Computer Name = Alexa-PC | Source = NetBT | ID = 4321 Description = Der Name "ALEXA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 147.142.13.82 registriert werden. Der Computer mit IP-Adresse 129.206.15.144 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 3/25/2011 5:37:50 PM | Computer Name = Alexa-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 3/26/2011 7:13:21 AM | Computer Name = Alexa-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. < End of report > |
11.05.2011, 14:16 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
11.05.2011, 14:42 | #3 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Hallo Arne,
__________________vielen Dank für deine Antwort! Habe nun mein netbook mit der von dir angegebenen Malware scannen lassen. Viele Grüße, Alexa Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6554 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 11.05.2011 15:33:13 mbam-log-2011-05-11 (15-33-13).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 146467 Laufzeit: 7 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully. |
11.05.2011, 14:50 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden.Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
11.05.2011, 16:25 | #5 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Hallo Arne, habe die Aktualisierung und danach einen Vollscan durchgeführt. Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6555 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 11.05.2011 17:18:03 mbam-log-2011-05-11 (17-18-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 233476 Laufzeit: 44 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. |
11.05.2011, 20:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL PRC - [2010/10/22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe SRV - [2010/10/22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [] File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] :Files C:\Program Files\pdfforge Toolbar C:\Program Files\Common Files\Spigot C:\Program Files\Application Updater :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. |
11.05.2011, 20:46 | #7 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Habs gemacht: Und was nun? All processes killed ========== OTL ========== No active process named SearchSettings.exe was found! Process ApplicationUpdater.exe killed successfully! Service Application Updater stopped successfully! Service Application Updater deleted successfully! C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. ========== FILES ========== C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar\IE\4.1 folder moved successfully. C:\Program Files\pdfforge Toolbar\IE folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\skin folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\locale folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome\content folder moved successfully. C:\Program Files\pdfforge Toolbar\FF\chrome folder moved successfully. C:\Program Files\pdfforge Toolbar\FF folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. C:\Program Files\Common Files\Spigot\wtxpcom\components folder moved successfully. C:\Program Files\Common Files\Spigot\wtxpcom folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully. C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully. C:\Program Files\Common Files\Spigot folder moved successfully. C:\Program Files\Application Updater folder moved successfully. ========== COMMANDS ========== C:\windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Alexa ->Temp folder emptied: 2496590 bytes ->Temporary Internet Files folder emptied: 33974 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 33493575 bytes ->Flash cache emptied: 1742 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1440435 bytes RecycleBin emptied: 10141 bytes Total Files Cleaned = 36.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05112011_214119 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
11.05.2011, 21:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
11.05.2011, 21:52 | #9 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. so, hat funktioniert mit TDSSKiller.. und nu? 2011/05/11 22:44:57.0115 2720 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/11 22:44:58.0456 2720 ================================================================================ 2011/05/11 22:44:58.0456 2720 SystemInfo: 2011/05/11 22:44:58.0456 2720 2011/05/11 22:44:58.0456 2720 OS Version: 6.1.7600 ServicePack: 0.0 2011/05/11 22:44:58.0456 2720 Product type: Workstation 2011/05/11 22:44:58.0457 2720 ComputerName: ALEXA-PC 2011/05/11 22:44:58.0457 2720 UserName: Alexa 2011/05/11 22:44:58.0457 2720 Windows directory: C:\windows 2011/05/11 22:44:58.0457 2720 System windows directory: C:\windows 2011/05/11 22:44:58.0458 2720 Processor architecture: Intel x86 2011/05/11 22:44:58.0458 2720 Number of processors: 2 2011/05/11 22:44:58.0458 2720 Page size: 0x1000 2011/05/11 22:44:58.0458 2720 Boot type: Normal boot 2011/05/11 22:44:58.0458 2720 ================================================================================ 2011/05/11 22:44:59.0295 2720 Initialize success 2011/05/11 22:45:08.0793 5756 ================================================================================ 2011/05/11 22:45:08.0793 5756 Scan started 2011/05/11 22:45:08.0793 5756 Mode: Manual; 2011/05/11 22:45:08.0793 5756 ================================================================================ 2011/05/11 22:45:10.0462 5756 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys 2011/05/11 22:45:10.0546 5756 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys 2011/05/11 22:45:10.0679 5756 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys 2011/05/11 22:45:10.0779 5756 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 2011/05/11 22:45:10.0909 5756 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 2011/05/11 22:45:10.0994 5756 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 2011/05/11 22:45:11.0172 5756 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys 2011/05/11 22:45:11.0233 5756 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys 2011/05/11 22:45:11.0357 5756 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 2011/05/11 22:45:11.0517 5756 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys 2011/05/11 22:45:11.0578 5756 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys 2011/05/11 22:45:11.0728 5756 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys 2011/05/11 22:45:11.0791 5756 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 2011/05/11 22:45:11.0894 5756 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 2011/05/11 22:45:11.0965 5756 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys 2011/05/11 22:45:12.0108 5756 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 2011/05/11 22:45:12.0174 5756 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys 2011/05/11 22:45:12.0377 5756 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys 2011/05/11 22:45:12.0588 5756 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 2011/05/11 22:45:12.0643 5756 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 2011/05/11 22:45:12.0785 5756 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 2011/05/11 22:45:12.0939 5756 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys 2011/05/11 22:45:13.0042 5756 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys 2011/05/11 22:45:13.0181 5756 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys 2011/05/11 22:45:13.0342 5756 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 2011/05/11 22:45:13.0482 5756 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 2011/05/11 22:45:13.0639 5756 BCM43XX (f4d388dc3ff004aee886762d5cec7783) C:\windows\system32\DRIVERS\bcmwl6.sys 2011/05/11 22:45:13.0828 5756 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 2011/05/11 22:45:14.0010 5756 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 2011/05/11 22:45:14.0191 5756 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys 2011/05/11 22:45:14.0349 5756 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 2011/05/11 22:45:14.0414 5756 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 2011/05/11 22:45:14.0542 5756 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 2011/05/11 22:45:14.0622 5756 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 2011/05/11 22:45:14.0782 5756 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 2011/05/11 22:45:14.0949 5756 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 2011/05/11 22:45:15.0048 5756 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys 2011/05/11 22:45:15.0150 5756 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 2011/05/11 22:45:15.0321 5756 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 2011/05/11 22:45:15.0522 5756 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys 2011/05/11 22:45:15.0721 5756 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys 2011/05/11 22:45:15.0901 5756 btwampfl (7061fe1715e5aded120fe4c608609357) C:\windows\system32\drivers\btwampfl.sys 2011/05/11 22:45:16.0038 5756 btwaudio (a95b2fb3ca7b555b5cb306153f48ced8) C:\windows\system32\drivers\btwaudio.sys 2011/05/11 22:45:16.0108 5756 btwavdt (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\drivers\btwavdt.sys 2011/05/11 22:45:16.0248 5756 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys 2011/05/11 22:45:16.0306 5756 btwrchid (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys 2011/05/11 22:45:16.0440 5756 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 2011/05/11 22:45:16.0520 5756 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys 2011/05/11 22:45:16.0643 5756 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 2011/05/11 22:45:16.0728 5756 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 2011/05/11 22:45:16.0896 5756 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 2011/05/11 22:45:16.0952 5756 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys 2011/05/11 22:45:17.0014 5756 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys 2011/05/11 22:45:17.0148 5756 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 2011/05/11 22:45:17.0295 5756 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys 2011/05/11 22:45:17.0378 5756 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 2011/05/11 22:45:17.0536 5756 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys 2011/05/11 22:45:17.0720 5756 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys 2011/05/11 22:45:17.0839 5756 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys 2011/05/11 22:45:17.0976 5756 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 2011/05/11 22:45:18.0053 5756 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 2011/05/11 22:45:18.0179 5756 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys 2011/05/11 22:45:18.0309 5756 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 2011/05/11 22:45:18.0441 5756 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys 2011/05/11 22:45:18.0687 5756 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 2011/05/11 22:45:18.0953 5756 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 2011/05/11 22:45:19.0078 5756 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys 2011/05/11 22:45:19.0189 5756 ETD (df4f000cfc05dec947d928a8f3adcd7a) C:\windows\system32\DRIVERS\ETD.sys 2011/05/11 22:45:19.0339 5756 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 2011/05/11 22:45:19.0410 5756 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 2011/05/11 22:45:19.0563 5756 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 2011/05/11 22:45:19.0647 5756 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 2011/05/11 22:45:19.0693 5756 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 2011/05/11 22:45:19.0821 5756 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 2011/05/11 22:45:19.0889 5756 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 2011/05/11 22:45:20.0046 5756 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 2011/05/11 22:45:20.0111 5756 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys 2011/05/11 22:45:20.0238 5756 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys 2011/05/11 22:45:20.0401 5756 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys 2011/05/11 22:45:20.0536 5756 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 2011/05/11 22:45:20.0621 5756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 2011/05/11 22:45:20.0780 5756 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 2011/05/11 22:45:20.0861 5756 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys 2011/05/11 22:45:20.0996 5756 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys 2011/05/11 22:45:21.0058 5756 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 2011/05/11 22:45:21.0098 5756 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 2011/05/11 22:45:21.0152 5756 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 2011/05/11 22:45:21.0319 5756 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys 2011/05/11 22:45:21.0444 5756 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys 2011/05/11 22:45:21.0605 5756 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys 2011/05/11 22:45:21.0727 5756 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys 2011/05/11 22:45:21.0791 5756 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys 2011/05/11 22:45:21.0949 5756 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys 2011/05/11 22:45:22.0036 5756 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys 2011/05/11 22:45:22.0324 5756 igfx (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys 2011/05/11 22:45:22.0643 5756 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 2011/05/11 22:45:22.0844 5756 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys 2011/05/11 22:45:23.0059 5756 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys 2011/05/11 22:45:23.0121 5756 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 2011/05/11 22:45:23.0270 5756 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 2011/05/11 22:45:23.0334 5756 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys 2011/05/11 22:45:23.0385 5756 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 2011/05/11 22:45:23.0557 5756 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 2011/05/11 22:45:23.0607 5756 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys 2011/05/11 22:45:23.0658 5756 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys 2011/05/11 22:45:23.0802 5756 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys 2011/05/11 22:45:23.0866 5756 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys 2011/05/11 22:45:24.0005 5756 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys 2011/05/11 22:45:24.0080 5756 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys 2011/05/11 22:45:24.0297 5756 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 2011/05/11 22:45:24.0436 5756 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 2011/05/11 22:45:24.0575 5756 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 2011/05/11 22:45:24.0646 5756 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 2011/05/11 22:45:24.0764 5756 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 2011/05/11 22:45:24.0834 5756 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 2011/05/11 22:45:24.0979 5756 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\windows\system32\DRIVERS\LVPr2Mon.sys 2011/05/11 22:45:25.0070 5756 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\windows\system32\DRIVERS\lvrs.sys 2011/05/11 22:45:25.0401 5756 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\windows\system32\DRIVERS\lvuvc.sys 2011/05/11 22:45:25.0777 5756 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 2011/05/11 22:45:25.0875 5756 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 2011/05/11 22:45:26.0017 5756 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 2011/05/11 22:45:26.0097 5756 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 2011/05/11 22:45:26.0219 5756 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys 2011/05/11 22:45:26.0375 5756 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 2011/05/11 22:45:26.0442 5756 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys 2011/05/11 22:45:26.0574 5756 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys 2011/05/11 22:45:26.0644 5756 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 2011/05/11 22:45:26.0708 5756 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys 2011/05/11 22:45:26.0852 5756 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys 2011/05/11 22:45:27.0066 5756 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys 2011/05/11 22:45:27.0690 5756 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys 2011/05/11 22:45:28.0386 5756 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys 2011/05/11 22:45:28.0603 5756 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys 2011/05/11 22:45:29.0049 5756 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 2011/05/11 22:45:29.0607 5756 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 2011/05/11 22:45:29.0817 5756 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys 2011/05/11 22:45:30.0113 5756 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 2011/05/11 22:45:30.0485 5756 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 2011/05/11 22:45:30.0929 5756 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 2011/05/11 22:45:32.0130 5756 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 2011/05/11 22:45:32.0497 5756 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys 2011/05/11 22:45:32.0740 5756 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 2011/05/11 22:45:32.0940 5756 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 2011/05/11 22:45:33.0206 5756 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 2011/05/11 22:45:33.0459 5756 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 2011/05/11 22:45:33.0549 5756 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys 2011/05/11 22:45:33.0716 5756 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 2011/05/11 22:45:33.0842 5756 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 2011/05/11 22:45:34.0212 5756 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys 2011/05/11 22:45:34.0289 5756 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys 2011/05/11 22:45:34.0480 5756 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys 2011/05/11 22:45:34.0662 5756 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 2011/05/11 22:45:34.0751 5756 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys 2011/05/11 22:45:35.0077 5756 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 2011/05/11 22:45:35.0269 5756 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 2011/05/11 22:45:35.0455 5756 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 2011/05/11 22:45:35.0822 5756 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys 2011/05/11 22:45:36.0029 5756 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 2011/05/11 22:45:36.0215 5756 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys 2011/05/11 22:45:36.0350 5756 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys 2011/05/11 22:45:36.0510 5756 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys 2011/05/11 22:45:36.0617 5756 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys 2011/05/11 22:45:36.0957 5756 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 2011/05/11 22:45:37.0152 5756 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys 2011/05/11 22:45:37.0296 5756 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 2011/05/11 22:45:37.0396 5756 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys 2011/05/11 22:45:37.0521 5756 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys 2011/05/11 22:45:37.0608 5756 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 2011/05/11 22:45:37.0852 5756 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 2011/05/11 22:45:38.0023 5756 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 2011/05/11 22:45:38.0586 5756 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 2011/05/11 22:45:38.0810 5756 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 2011/05/11 22:45:39.0026 5756 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 2011/05/11 22:45:39.0138 5756 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 2011/05/11 22:45:39.0352 5756 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 2011/05/11 22:45:39.0445 5756 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 2011/05/11 22:45:39.0591 5756 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 2011/05/11 22:45:39.0677 5756 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 2011/05/11 22:45:39.0866 5756 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 2011/05/11 22:45:40.0047 5756 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 2011/05/11 22:45:40.0220 5756 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 2011/05/11 22:45:40.0296 5756 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys 2011/05/11 22:45:40.0483 5756 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 2011/05/11 22:45:40.0666 5756 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys 2011/05/11 22:45:40.0927 5756 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 2011/05/11 22:45:41.0082 5756 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 2011/05/11 22:45:41.0243 5756 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys 2011/05/11 22:45:41.0427 5756 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys 2011/05/11 22:45:41.0598 5756 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 2011/05/11 22:45:41.0782 5756 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 2011/05/11 22:45:41.0841 5756 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys 2011/05/11 22:45:41.0967 5756 rtport (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys 2011/05/11 22:45:42.0060 5756 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys 2011/05/11 22:45:42.0229 5756 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys 2011/05/11 22:45:42.0295 5756 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys 2011/05/11 22:45:42.0481 5756 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 2011/05/11 22:45:42.0670 5756 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 2011/05/11 22:45:42.0718 5756 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 2011/05/11 22:45:42.0772 5756 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 2011/05/11 22:45:42.0885 5756 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys 2011/05/11 22:45:42.0935 5756 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys 2011/05/11 22:45:42.0987 5756 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys 2011/05/11 22:45:43.0039 5756 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 2011/05/11 22:45:43.0220 5756 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys 2011/05/11 22:45:43.0288 5756 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 2011/05/11 22:45:43.0408 5756 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 2011/05/11 22:45:43.0469 5756 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 2011/05/11 22:45:43.0635 5756 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 2011/05/11 22:45:43.0770 5756 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys 2011/05/11 22:45:43.0770 5756 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/05/11 22:45:43.0787 5756 sptd - detected LockedFile.Multi.Generic (1) 2011/05/11 22:45:43.0932 5756 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys 2011/05/11 22:45:44.0000 5756 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys 2011/05/11 22:45:44.0050 5756 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys 2011/05/11 22:45:44.0211 5756 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys 2011/05/11 22:45:44.0309 5756 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 2011/05/11 22:45:44.0471 5756 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys 2011/05/11 22:45:44.0737 5756 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys 2011/05/11 22:45:44.0924 5756 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys 2011/05/11 22:45:45.0055 5756 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys 2011/05/11 22:45:45.0148 5756 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys 2011/05/11 22:45:45.0206 5756 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys 2011/05/11 22:45:45.0306 5756 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys 2011/05/11 22:45:45.0432 5756 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys 2011/05/11 22:45:45.0608 5756 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys 2011/05/11 22:45:45.0741 5756 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys 2011/05/11 22:45:45.0800 5756 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 2011/05/11 22:45:45.0862 5756 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys 2011/05/11 22:45:46.0031 5756 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys 2011/05/11 22:45:46.0096 5756 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys 2011/05/11 22:45:46.0210 5756 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 2011/05/11 22:45:46.0310 5756 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys 2011/05/11 22:45:46.0433 5756 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys 2011/05/11 22:45:46.0505 5756 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys 2011/05/11 22:45:46.0639 5756 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\DRIVERS\usbehci.sys 2011/05/11 22:45:46.0702 5756 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\DRIVERS\usbhub.sys 2011/05/11 22:45:46.0836 5756 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys 2011/05/11 22:45:46.0900 5756 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 2011/05/11 22:45:47.0048 5756 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\drivers\USBSTOR.SYS 2011/05/11 22:45:47.0111 5756 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys 2011/05/11 22:45:47.0242 5756 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys 2011/05/11 22:45:47.0442 5756 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys 2011/05/11 22:45:47.0555 5756 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 2011/05/11 22:45:47.0652 5756 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 2011/05/11 22:45:47.0794 5756 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys 2011/05/11 22:45:47.0848 5756 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys 2011/05/11 22:45:47.0900 5756 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 2011/05/11 22:45:48.0018 5756 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys 2011/05/11 22:45:48.0078 5756 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys 2011/05/11 22:45:48.0137 5756 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 2011/05/11 22:45:48.0250 5756 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys 2011/05/11 22:45:48.0330 5756 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 2011/05/11 22:45:48.0504 5756 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 2011/05/11 22:45:48.0592 5756 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 2011/05/11 22:45:48.0768 5756 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 2011/05/11 22:45:48.0864 5756 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 2011/05/11 22:45:48.0940 5756 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 2011/05/11 22:45:49.0191 5756 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 2011/05/11 22:45:49.0327 5756 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 2011/05/11 22:45:49.0620 5756 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 2011/05/11 22:45:49.0709 5756 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 2011/05/11 22:45:50.0222 5756 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys 2011/05/11 22:45:50.0667 5756 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 2011/05/11 22:45:50.0995 5756 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys 2011/05/11 22:45:51.0251 5756 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys 2011/05/11 22:45:51.0592 5756 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys 2011/05/11 22:45:52.0116 5756 ================================================================================ 2011/05/11 22:45:52.0116 5756 Scan finished 2011/05/11 22:45:52.0116 5756 ================================================================================ 2011/05/11 22:45:52.0168 4660 Detected object count: 1 2011/05/11 22:46:34.0406 4660 LockedFile.Multi.Generic(sptd) - User select action: Skip |
11.05.2011, 22:04 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
11.05.2011, 23:01 | #11 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. So, beides erledigt.. und jetzt? Combofix Logfile: Code:
ATTFilter ComboFix 11-05-11.01 - Alexa 11.05.2011 23:17:18.1.2 - x86 Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1013.251 [GMT 2:00] ausgeführt von:: c:\users\Alexa\Desktop\cofi.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-11 bis 2011-05-11 )))))))))))))))))))))))))))))) . . 2011-05-11 21:33 . 2011-05-11 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-11 19:41 . 2011-05-11 19:41 -------- d-----w- C:\_OTL 2011-05-11 13:23 . 2011-05-11 13:23 -------- d-----w- c:\users\Alexa\AppData\Roaming\Malwarebytes 2011-05-11 13:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-11 13:23 . 2011-05-11 13:23 -------- d-----w- c:\programdata\Malwarebytes 2011-05-11 13:23 . 2011-05-11 13:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-11 13:23 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 17:38 . 2011-05-10 17:38 -------- d-----w- c:\program files\ERUNT 2011-05-10 07:55 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75338500-C4AD-43EE-9E4C-D664F6AA5D8D}\mpengine.dll 2011-05-10 03:54 . 2011-05-10 03:54 -------- d-----w- c:\windows\system32\wbem\it-IT 2011-05-10 03:54 . 2011-05-10 03:54 -------- d-----w- c:\windows\system32\wbem\fr-FR 2011-05-10 03:54 . 2011-05-10 03:54 -------- d-----w- c:\windows\system32\wbem\en-US 2011-04-27 09:33 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-04-27 09:33 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys 2011-04-27 09:33 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys 2011-04-27 09:33 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys 2011-04-27 09:33 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys 2011-04-27 09:33 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys 2011-04-27 09:33 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll 2011-04-27 09:33 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2011-04-27 09:33 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys 2011-04-27 09:33 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe 2011-04-27 09:33 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-27 09:32 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe 2011-04-14 10:09 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-04-14 10:09 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-14 10:09 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-14 10:06 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll 2011-04-14 10:06 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll 2011-04-14 10:06 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-14 10:06 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-04-14 10:06 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-14 10:06 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-17 07:23 . 2010-11-13 12:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-19 05:33 . 2011-03-09 07:53 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 05:32 . 2011-03-09 07:53 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 05:32 . 2011-03-09 07:53 739840 ----a-w- c:\windows\system32\d2d1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400] "Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-03-25 1891720] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-7 828704] phase-6 Reminder.lnk - c:\program files\phase-6\phase-6\reminder\reminder.exe [2009-7-13 1032192] VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-3-2 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 286248] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-12 691696] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-01 109056] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to Mp3 Converter - c:\users\Alexa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\Alexa\AppData\Roaming\Mozilla\Firefox\Profiles\oybokiiu.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2171886030-2800087900-901861080-1000\Software\SecuROM\License information*] "datasecu"=hex:ed,43,4c,eb,e3,d4,2d,70,b9,66,45,1b,45,37,01,cb,dc,af,a5,27,6b, 5f,a5,38,0d,0a,a3,df,99,9a,9e,0d,df,89,68,96,3b,34,2e,63,37,a1,0f,cf,04,8e,\ "rkeysecu"=hex:ef,ab,bc,6b,aa,3e,fb,06,12,94,8a,e5,11,03,38,2a . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-05-11 23:38:00 ComboFix-quarantined-files.txt 2011-05-11 21:37 . Vor Suchlauf: 7 Verzeichnis(se), 61.042.278.400 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 60.948.635.648 Bytes frei . - - End Of File - - AB6855F5832302A9E06BE41357981642 |
12.05.2011, 09:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
12.05.2011, 16:10 | #13 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Hallo Arne, hier die Texte: GMER:GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover Rootkit scan 2011-05-12 16:52:33 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.PB2O Running: 3wsqdvp8.exe; Driver: C:\Users\Alexa\AppData\Local\Temp\uglorpog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 81C53569 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C78092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\Drivers\sple.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 93D4FD18 5 Bytes JMP 857211D8 .text ayo3w2ex.SYS 86BAF000 12 Bytes [44, 58, 02, 82, EE, 56, 02, ...] .text ayo3w2ex.SYS 86BAF00D 9 Bytes [37, 02, 82, 48, 5B, 02, 82, ...] {AAA ; ADD AL, [EDX-0x7dfda4b8]; ADD [EAX], AL} .text ayo3w2ex.SYS 86BAF017 41 Bytes [00, DE, A7, 51, 86, E6, A5, ...] .text ayo3w2ex.SYS 86BAF041 128 Bytes [86, C7, 81, 60, 85, C7, 81, ...] .text ayo3w2ex.SYS 86BAF0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL} .text ... ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8641E042] \SystemRoot\System32\Drivers\sple.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8641E6D6] \SystemRoot\System32\Drivers\sple.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8641E800] \SystemRoot\System32\Drivers\sple.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8641E13E] \SystemRoot\System32\Drivers\sple.sys IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\ayo3w2ex.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 848011F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{27B6653C-BECA-4859-8E16-283C3165DBFD} 855EF1F8 Device \Driver\sptd \Device\141655478 sple.sys Device \Driver\volmgr \Device\VolMgrControl 83B3E1F8 Device \Driver\usbuhci \Device\USBPDO-0 856D9500 Device \Driver\NetBT \Device\NetBT_Tcpip_{F20B5CFA-2C92-4703-A956-3C98B001D0F6} 855EF1F8 Device \Driver\usbuhci \Device\USBPDO-1 856D9500 Device \Driver\usbuhci \Device\USBPDO-2 856D9500 Device \Driver\usbuhci \Device\USBPDO-3 856D9500 Device \Driver\usbehci \Device\USBPDO-4 856E3500 Device \Driver\PCI_PNP1476 \Device\00000061 sple.sys Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume1 83B3E1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 83B3E1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 85CA9500 Device \Driver\volmgr \Device\HarddiskVolume3 83B3E1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\iaStor \Device\Ide\iaStor0 [866AF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [866AF360] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\volmgr \Device\HarddiskVolume4 83B3E1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 855EF1F8 Device \Driver\usbuhci \Device\USBFDO-0 856D9500 Device \Driver\usbuhci \Device\USBFDO-1 856D9500 Device \Driver\usbuhci \Device\USBFDO-2 856D9500 Device \Driver\usbuhci \Device\USBFDO-3 856D9500 Device \Driver\usbehci \Device\USBFDO-4 856E3500 Device \Driver\ayo3w2ex \Device\Scsi\ayo3w2ex1 856B3500 Device \Driver\ayo3w2ex \Device\Scsi\ayo3w2ex1Port1Path0Target0Lun0 856B3500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb16030e1 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313acdf82 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x91 0xFE 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0xCC 0x9C 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC7 0xA0 0x20 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x60 0x26 0x40 0x79 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb16030e1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313acdf82 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x91 0xFE 0x72 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0xCC 0x9C 0x6C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC7 0xA0 0x20 0x6C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x60 0x26 0x40 0x79 ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- EOF - GMER 1.0.15 ---- OSAM:OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 17:04:58 on 12.05.2011 OS: Windows 7 Starter Edition (Build 7600), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.17 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aq27qsre" (aq27qsre) - "Microsoft Corporation" - C:\windows\system32\drivers\aq27qsre.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Alexa\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys "rtport" (rtport) - "Windows (R) 2003 DDK 3790 provider" - C:\windows\system32\drivers\rtport.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Alexa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "phase-6 Reminder.lnk" - "phase-6" - C:\Program Files\phase-6\phase-6\reminder\reminder.exe (Shortcut exists | File exists) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) "Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Vid\Vid.exe" -bootmode "Logitech Vid HD" - "Logitech Inc." - "C:\Program Files\Logitech\Vid\vid.exe" -bootmode -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" "WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe "Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index und MBRCheck: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Starter Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD. BIOS Manufacturer: Phoenix Technologies Ltd. System Manufacturer: SAMSUNG ELECTRONICS CO., LTD. System Product Name: N150P/N210P/N220P Logical Drives Mask: 0x0000001c Kernel Drivers (total 189): 0x81C56000 \SystemRoot\system32\ntkrnlpa.exe 0x81C1F000 \SystemRoot\system32\halmacpi.dll 0x81B23000 \SystemRoot\system32\kdcom.dll 0x82217000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8228F000 \SystemRoot\system32\PSHED.dll 0x822A0000 \SystemRoot\system32\BOOTVID.dll 0x822A8000 \SystemRoot\system32\CLFS.SYS 0x822EA000 \SystemRoot\system32\CI.dll 0x8640B000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8647C000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8648A000 \SystemRoot\System32\Drivers\splo.sys 0x8657D000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x86586000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x865AC000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x865F4000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x86400000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x82395000 \SystemRoot\system32\DRIVERS\pci.sys 0x823BF000 \SystemRoot\System32\drivers\partmgr.sys 0x823D0000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x823D8000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x823E3000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x8662A000 \SystemRoot\System32\drivers\volmgrx.sys 0x86675000 \SystemRoot\System32\drivers\mountmgr.sys 0x8668B000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x86765000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8676E000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x86791000 \SystemRoot\system32\DRIVERS\msahci.sys 0x8679B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x867A9000 \SystemRoot\system32\drivers\amdxata.sys 0x867B2000 \SystemRoot\system32\drivers\fltmgr.sys 0x867E6000 \SystemRoot\system32\drivers\fileinfo.sys 0x86817000 \SystemRoot\System32\Drivers\Ntfs.sys 0x86946000 \SystemRoot\System32\Drivers\msrpc.sys 0x86971000 \SystemRoot\System32\Drivers\ksecdd.sys 0x86984000 \SystemRoot\System32\Drivers\cng.sys 0x869E1000 \SystemRoot\System32\drivers\pcw.sys 0x869EF000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x86A0C000 \SystemRoot\system32\drivers\ndis.sys 0x86AC3000 \SystemRoot\system32\drivers\NETIO.SYS 0x86B01000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x86C3E000 \SystemRoot\System32\drivers\tcpip.sys 0x86D87000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x86DB8000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x86DF7000 \SystemRoot\System32\Drivers\spldr.sys 0x86C00000 \SystemRoot\System32\drivers\rdyboost.sys 0x86C2D000 \SystemRoot\System32\Drivers\mup.sys 0x86B26000 \SystemRoot\System32\drivers\hwpolicy.sys 0x86B2E000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x86B60000 \SystemRoot\system32\DRIVERS\disk.sys 0x86B71000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x89F23000 \SystemRoot\System32\Drivers\Null.SYS 0x89F2A000 \SystemRoot\System32\Drivers\Beep.SYS 0x89F31000 \SystemRoot\System32\drivers\vga.sys 0x89F3D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x89F5E000 \SystemRoot\System32\drivers\watchdog.sys 0x89F6B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x89F73000 \SystemRoot\system32\drivers\rdpencdd.sys 0x89F7B000 \SystemRoot\system32\drivers\rdprefmp.sys 0x89F83000 \SystemRoot\System32\Drivers\Msfs.SYS 0x89F8E000 \SystemRoot\System32\Drivers\Npfs.SYS 0x89F9C000 \SystemRoot\system32\DRIVERS\tdx.sys 0x89FB3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x86BA3000 \SystemRoot\system32\drivers\afd.sys 0x89FBE000 \SystemRoot\System32\DRIVERS\netbt.sys 0x89FF0000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x89F04000 \SystemRoot\system32\DRIVERS\pacer.sys 0x89E00000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x86800000 \SystemRoot\system32\DRIVERS\netbios.sys 0x86600000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x86613000 \SystemRoot\system32\DRIVERS\termdd.sys 0x89E11000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x89FF7000 \??\C:\windows\system32\Drivers\SABI.sys 0x8AA2F000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8AA70000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8AA7A000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8AA84000 \SystemRoot\System32\drivers\discache.sys 0x8AA90000 \SystemRoot\System32\Drivers\dfsc.sys 0x8AAA8000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8AAB6000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8AADC000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8AAFD000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8B03B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0x8B543000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8B000000 \SystemRoot\System32\drivers\dxgmms1.sys 0x8AB0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x91832000 \SystemRoot\system32\DRIVERS\bcmwl6.sys 0x91ACB000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x91AD5000 \SystemRoot\system32\DRIVERS\yk62x86.sys 0x91B26000 \SystemRoot\system32\drivers\usbuhci.sys 0x91B31000 \SystemRoot\system32\drivers\USBPORT.SYS 0x91B7C000 \SystemRoot\system32\drivers\usbehci.sys 0x91B8B000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x91B8F000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x91BA7000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x91BB4000 \SystemRoot\system32\DRIVERS\ETD.sys 0x91BD3000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8AB2E000 \SystemRoot\System32\Drivers\aq27qsre.SYS 0x91BE0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x91800000 \SystemRoot\system32\DRIVERS\dne2000.sys 0x9181F000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x8AB67000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x91BED000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8AB7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8ABA1000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8ABB9000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8ABD0000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x91BF8000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8CE28000 \SystemRoot\system32\DRIVERS\ks.sys 0x8CE5C000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8CE6A000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8CEAE000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8DA1B000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8DD07000 \SystemRoot\system32\drivers\portcls.sys 0x8DD36000 \SystemRoot\system32\drivers\drmk.sys 0x8DD4F000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8DD6E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8DD74000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8CEBF000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x8DD81000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x80E10000 \SystemRoot\System32\win32k.sys 0x8DD92000 \SystemRoot\System32\drivers\Dxapi.sys 0x8DD9C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8DDB3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8DDB5000 \SystemRoot\System32\Drivers\usbvideo.sys 0x8DDD9000 \SystemRoot\system32\DRIVERS\monitor.sys 0x81070000 \SystemRoot\System32\TSDDD.dll 0x810A0000 \SystemRoot\System32\cdd.dll 0x8DDE4000 \SystemRoot\system32\drivers\luafv.sys 0x8DA00000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8CF99000 \SystemRoot\system32\drivers\WudfPf.sys 0x8CFB3000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x89E17000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x8CFC3000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8CFD3000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x89E5D000 \SystemRoot\system32\drivers\HTTP.sys 0x8CFE6000 \SystemRoot\system32\DRIVERS\bowser.sys 0x8CE00000 \SystemRoot\System32\drivers\mpsdrv.sys 0x8AA00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA7829000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA7864000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA7897000 \??\C:\windows\system32\Drivers\CVPNDRVA.sys 0xA7927000 \SystemRoot\system32\drivers\peauth.sys 0xA79BE000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA79C8000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA79E9000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA9805000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA9854000 \SystemRoot\System32\DRIVERS\srv.sys 0xA98A6000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys 0xA98AB000 \SystemRoot\system32\DRIVERS\CVirtA.sys 0x77B80000 \Windows\System32\ntdll.dll 0x48300000 \Windows\System32\smss.exe 0x77DC0000 \Windows\System32\apisetschema.dll 0x00340000 \Windows\System32\autochk.exe 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77CE0000 \Windows\System32\msctf.dll 0x76F30000 \Windows\System32\shell32.dll 0x76ED0000 \Windows\System32\shlwapi.dll 0x76DD0000 \Windows\System32\wininet.dll 0x76D00000 \Windows\System32\user32.dll 0x76C70000 \Windows\System32\oleaut32.dll 0x76BF0000 \Windows\System32\comdlg32.dll 0x77CD0000 \Windows\System32\nsi.dll 0x76BD0000 \Windows\System32\sechost.dll 0x76B20000 \Windows\System32\rpcrt4.dll 0x76920000 \Windows\System32\iertutil.dll 0x77CC0000 \Windows\System32\lpk.dll 0x76900000 \Windows\System32\imm32.dll 0x768B0000 \Windows\System32\Wldap32.dll 0x767D0000 \Windows\System32\kernel32.dll 0x76720000 \Windows\System32\msvcrt.dll 0x76710000 \Windows\System32\psapi.dll 0x76700000 \Windows\System32\normaliz.dll 0x76560000 \Windows\System32\setupapi.dll 0x76420000 \Windows\System32\urlmon.dll 0x762C0000 \Windows\System32\ole32.dll 0x76260000 \Windows\System32\difxapi.dll 0x761C0000 \Windows\System32\advapi32.dll 0x76120000 \Windows\System32\usp10.dll 0x760F0000 \Windows\System32\imagehlp.dll 0x760B0000 \Windows\System32\ws2_32.dll 0x76060000 \Windows\System32\gdi32.dll 0x75FD0000 \Windows\System32\clbcatq.dll 0x75EB0000 \Windows\System32\crypt32.dll 0x75E60000 \Windows\System32\KernelBase.dll 0x75E30000 \Windows\System32\wintrust.dll 0x75E00000 \Windows\System32\cfgmgr32.dll 0x75D70000 \Windows\System32\comctl32.dll 0x75D50000 \Windows\System32\devobj.dll 0x75D40000 \Windows\System32\msasn1.dll Processes (total 81): 0 System Idle Process 4 System 312 C:\Windows\System32\smss.exe 444 csrss.exe 500 C:\Windows\System32\wininit.exe 508 csrss.exe 564 C:\Windows\System32\winlogon.exe 604 C:\Windows\System32\services.exe 612 C:\Windows\System32\lsass.exe 620 C:\Windows\System32\lsm.exe 712 C:\Windows\System32\svchost.exe 812 C:\Windows\System32\svchost.exe 896 C:\Windows\System32\svchost.exe 964 C:\Windows\System32\svchost.exe 1004 C:\Windows\System32\svchost.exe 1072 C:\Windows\System32\audiodg.exe 1124 C:\Windows\System32\svchost.exe 1184 C:\Program Files\Stardock\MyColors\VistaSrv.exe 1200 C:\Program Files\Stardock\MyColors\WBVista.exe 1304 C:\Windows\System32\svchost.exe 1460 C:\Windows\System32\dwm.exe 1476 C:\Windows\System32\wlanext.exe 1484 C:\Windows\System32\conhost.exe 1500 C:\Windows\explorer.exe 1580 C:\Windows\System32\spoolsv.exe 1628 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1676 C:\Windows\System32\svchost.exe 1684 C:\Windows\System32\taskhost.exe 1860 C:\Windows\System32\hkcmd.exe 1916 C:\Windows\System32\igfxpers.exe 1932 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 1948 C:\Windows\System32\igfxsrvc.exe 1960 C:\Program Files\Elantech\ETDCtrl.exe 2040 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 332 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 664 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 828 C:\Windows\System32\taskeng.exe 1164 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe 1416 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe 1792 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe 1380 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe 1272 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe 376 C:\Program Files\Samsung\SFB\SmartRestarter.exe 2112 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2148 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2224 C:\Program Files\Bonjour\mDNSResponder.exe 2260 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 2276 C:\Program Files\iTunes\iTunesHelper.exe 2312 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 2368 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2376 C:\Windows\System32\conhost.exe 2400 C:\Windows\System32\svchost.exe 2412 C:\Program Files\Winamp\winampa.exe 2456 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe 2516 C:\Program Files\Common Files\Java\Java Update\jusched.exe 2548 C:\Windows\System32\svchost.exe 2612 C:\Program Files\DAEMON Tools Lite\DTLite.exe 2620 C:\Program Files\Logitech\Vid\Vid.exe 2644 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 2724 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 3268 C:\Windows\System32\igfxext.exe 3304 C:\Windows\System32\igfxsrvc.exe 3588 C:\Windows\System32\SearchIndexer.exe 3892 C:\Program Files\iPod\bin\iPodService.exe 112 C:\Program Files\Cisco Systems\VPN Client\vpngui.exe 2580 C:\Program Files\Elantech\ETDCtrlHelper.exe 2428 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 4060 C:\Program Files\Mozilla Firefox\firefox.exe 1296 C:\Program Files\Mozilla Firefox\plugin-container.exe 3732 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe 360 C:\Windows\System32\svchost.exe 4300 C:\Windows\System32\wuauclt.exe 4676 C:\Windows\System32\svchost.exe 4056 C:\Windows\System32\SearchProtocolHost.exe 1384 C:\Windows\System32\SearchFilterHost.exe 2868 C:\Windows\System32\rundll32.exe 3844 MpCmdRun.exe 916 dllhost.exe 4988 dllhost.exe 4480 C:\Users\Alexa\Downloads\MBRCheck.exe 5116 C:\Windows\System32\conhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`06500000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`46600000 (NTFS) PhysicalDrive0 Model Number: HitachiHTS545025B9A300, Rev: PB2OC66G Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: |
12.05.2011, 16:11 | #14 |
| Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Ich habe die Befürchtung, dass MBRCheck irgendwie nicht funktioniert hat.. |
12.05.2011, 18:16 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten. Hast Du noch andere Betriebssysteme außer Win7 (32-Bit) installiert? Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Falls Du eine normale Win7-Installations-DVD (32-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten. Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Trojaner: 'TR/Spy.SpyEyes.hbk' auf Netbook Samsung NC10 Plus gefunden. |
adblock, adobe, antivir, autorun, avgntflt.sys, avira, bho, bonjour, c:\windows\system32\rundll32.exe, converter, defender, e-banking, error, excel, firefox, formatieren - funktioniert nicht, install.exe, installation, ip-adresse, jdownloader, location, logfile, maus, microsoft office word, mozilla, mp3, netzwerk, office 2007, oldtimer, pdfforge toolbar, plug-in, realtek, registry, rundll, samsung nc10 plus, scan, searchplugins, security, security update, software, spigot, sptd.sys, start menu, trojaner, webcheck, windows, wlansvc |