Log analysis and evaluation: Black screen, no access to hard drive (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.05.2011, 22:30 | #1
Black screen, no access to hard drive

Hello! I just registered because I have a problem with my computer. The operating system is Windows 7. Suddenly these messages appeared: "Kritischer Fehler. Beschädigte Festplatten-Cluster gefunden. Private Daten sind in Gefahr", "Festplatte beschädigt. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA- Festplatten erkannt. Es wird empholen das System neu zu starten", "Kritischer Fehler. Fehler der Festplatte RAM-Speicher Nutzung ist kritisch hoch. RAM Speicher gescheitert." The screen turned black, the icons disappeared and I can no longer access my data. I looked around the forum and found similar cases. This is my Malwarebytes logfile:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6569

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.05.2011 21:41:46
mbam-log-2011-05-13 (21-41-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 229610
Laufzeit: 1 Stunde(n), 5 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKLuVrOIsaEYCN (Rogue.Installer.Gen) -> Value: vKLuVrOIsaEYCN -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vkluvroisaeycn.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\Local\Temp\5zklycqi.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\Local\Temp\k7gnj9eb.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\Local\Temp\tmp1565.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\LocalLow\Sun\Java\deployment\cache\6.0\22\39e1d656-17e67c7f (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\programdata\31448824.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

And the OTL.Txt OTL logfile:

Code:
OTL logfile created on: 5/13/2011 11:06:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Lisa
Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 44.43 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: LISASIHRER | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lisa\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\asus\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

========== Modules (SafeList) ==========

MOD - C:\Users\Lisa\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

========== Driver Services (SafeList) ==========

DRV - (MpKsl3a7c6a8d) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89DF136D-E8AE-4214-A117-09D1D7610AEA}\MpKsl3a7c6a8d.sys (Microsoft Corporation)
DRV - (MpKsl4330bb19) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89DF136D-E8AE-4214-A117-09D1D7610AEA}\MpKsl4330bb19.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (asushwio) -- C:\Windows\System32\drivers\ASUSHWIO.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 15:54:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 15:53:04 | 000,000,000 | ---D | M]

[2010/04/10 10:55:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2011/05/05 04:02:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions
[2010/11/03 01:04:15 | 000,000,000 | -H-D | M] (Forecastfox Weather) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/04/29 16:35:04 | 000,000,000 | -H-D | M] (Winload Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011/04/29 16:35:16 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/29 16:35:02 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/04/24 06:24:17 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/24 06:24:15 | 000,000,000 | -H-D | M] (Download Statusbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/06 11:47:36 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/29 16:35:14 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\engine@conduit.com
[2010/03/24 16:13:02 | 000,000,917 | -H-- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\88g6p2db.default\searchplugins\conduit.xml
[2011/05/11 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/08/06 06:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 15:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/15 06:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 06:32:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/13 22:20:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.122.1.1 71.250.0.12
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\asus\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/13 23:05:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\OTL.exe
[2011/05/13 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2011/05/13 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 20:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/13 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 20:29:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/13 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 19:05:33 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/11 09:21:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 09:21:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 19:33:14 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\4.0
[2011/05/10 19:33:10 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\.tfo4
[2011/04/27 19:25:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/27 19:24:50 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/27 19:24:49 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/27 19:24:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe
[2011/04/27 19:23:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/04/27 19:22:29 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/15 04:18:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/15 04:18:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/15 04:18:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/15 04:18:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/15 04:18:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/15 04:18:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/15 04:18:21 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/15 04:18:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/15 04:18:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/15 04:18:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/15 04:18:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/15 04:18:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/15 04:18:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/15 04:18:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/15 04:18:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/15 04:18:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/15 04:17:50 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/15 04:17:48 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/15 04:17:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/15 04:17:41 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/15 04:17:40 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2009/08/18 19:14:32 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/05/13 23:05:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\OTL.exe
[2011/05/13 22:31:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 22:31:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 22:28:33 | 000,656,266 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/05/13 22:28:33 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/13 22:28:33 | 000,131,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/05/13 22:28:33 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/05/13 22:23:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/13 22:23:46 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 22:20:02 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/05/13 20:29:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 19:05:33 | 000,000,635 | -H-- | M] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk
[2011/05/13 19:05:19 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31448824
[2011/05/08 19:26:40 | 000,000,100 | -H-- | M] () -- C:\Users\Lisa\Desktop\verkleinerer.set
[2011/04/24 06:20:53 | 000,319,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/05/13 20:29:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 19:05:33 | 000,000,635 | -H-- | C] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk
[2011/05/13 19:05:18 | 000,000,336 | -H-- | C] () -- C:\ProgramData\31448824
[2010/06/02 13:30:40 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/05/01 15:29:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/22 18:26:06 | 000,014,336 | -H-- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 11:11:48 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2009/10/26 15:46:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/26 10:11:16 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2009/10/26 10:11:16 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009/10/26 10:08:53 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/10/26 10:05:52 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/07/26 03:28:45 | 000,656,266 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 03:28:45 | 000,131,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/07/26 03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,319,456 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

< End of report >

And the Extras.Txt OTL logfile:

Code:
OTL Extras logfile created on: 5/13/2011 11:06:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Lisa
Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 44.43 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: LISASIHRER | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{470F98FC-4831-4ACB-9A8C-D114ED27C120}" = LocaleMe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"Audio Tuner" = Audio Tuner (remove only)
"Eee Docking_is1" = Eee Docking 3.6.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security
Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US) "softonic-de3 Toolbar" = softonic-de3 Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemSetting_is1" = SystemSetting "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "Winload Toolbar" = Winload Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/12/2010 11:46:43 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 12/22/2010 10:16:53 PM | Computer Name = LisasIhrer | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf928fc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0x2c0 Startzeit der fehlerhaften Anwendung: 0x01cba0c2f30b4091 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: b49a1bb5-0e3a-11e0-9e47-e0cb4e2cc176 Error - 12/23/2010 3:41:45 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12/24/2010 4:10:26 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12/28/2010 9:02:02 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". 
Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 1/19/2011 2:13:21 PM | Computer Name = LisasIhrer | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.0.0.152, Zeitstempel: 0x4cb31516 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xe0fafafa Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01cbb33020606d50 Pfad der fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: cbb8e2bf-23f7-11e0-9daf-e0cb4e2cc176 Error - 1/23/2011 12:52:34 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 1/27/2011 4:27:51 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 1/27/2011 5:31:17 PM | Computer Name = LisasIhrer | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.exe, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: RSZShell.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x491df3d2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0cd29cf4 ID des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung: 0x01cbbb7793cdd5e9 Pfad der fehlerhaften Anwendung: C:\windows\Explorer.exe Pfad des fehlerhaften Moduls: RSZShell.dll Berichtskennung: c58ecd38-2a5c-11e0-9d99-e0cb4e2cc176 Error - 1/30/2011 11:19:42 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 10/14/2010 10:56:30 PM | Computer Name = LisasIhrer | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%861 beim Aktualisieren von Signaturen. Neue Signaturversion: Vorherige Signaturversion: 1.91.1720.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.6201.0 Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 10/14/2010 10:56:30 PM | Computer Name = LisasIhrer | Source = Microsoft Antimalware | ID = 2001 Description = Fehler in %%861 beim Aktualisieren von Signaturen. 
Neue Signaturversion: Vorherige Signaturversion: 1.91.1720.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe: %%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.6201.0 Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Error - 10/15/2010 7:16:37 AM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10/16/2010 12:25:43 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10/17/2010 12:55:42 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10/17/2010 5:44:52 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10/18/2010 1:08:46 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10/19/2010 1:01:48 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 10/19/2010 5:54:11 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. 
Error - 10/19/2010 10:26:43 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > Was muss ich als nächstes tun? |
14.05.2011, 17:46 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the Logs tab.
15.05.2011, 16:34 | #3

I couldn't find any other logfiles, so I had the full scan run once more. This is the result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6585

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.05.2011 17:27:09
mbam-log-2011-05-15 (17-27-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 51099
Laufzeit: 20 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

How can I see the other logs?
15.05.2011, 16:40 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Hm, what do you want with those odd toolbars on the machine? Best to remove all of them, and for future program installations always choose the custom install option so that any bundled toolbars can be deselected during setup.

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
[2011/05/10 19:33:14 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\4.0
[2011/05/10 19:33:10 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\.tfo4
[2011/05/13 19:05:19 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31448824
:Commands
[purity]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The machine may be restarted. The entries, files and folders fixed by this script are, as a precaution, not deleted outright; a backup copy is created on the system partition in the "_OTL" folder.

__________________
Please always post logfiles in CODE tags
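The fix above is assembled by hand from OTL's own scan output: the offending scan lines are pasted verbatim under ":OTL" and the cleanup commands go under ":Commands". The Python below is an added example, not part of this thread and not OTL's code, that automates the first pass of that work. It parses the two line shapes the fix uses, the O33 MountPoints2 AutoRun handlers and the "[date | size | attrs | C/M] -- path" file lines, flags AutoRun commands that launch a script indirectly through rundll32/ShellExec_RunDLL and hidden objects with throwaway names dropped straight into the profile root or C:\ProgramData, and prints a fix block in the same shape. The sample input reuses lines from this post plus one constructed, benign document line; the heuristics themselves (which extensions, directories and name patterns count as suspicious) are this example's own assumptions. Note that the helper removed all three MountPoints2 handlers, including the WD SmartWare one, while the example lets that one through; that is why the output is still reviewed by a person before it goes into OTL.

```python
"""Turn OTL scan lines into an OTL fix: parse, score, emit.

Added example for this thread; neither OTL's code nor the helper's.
The heuristics are this example's assumptions, not OTL rules.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines from the fix in this thread (the WD SmartWare handler
# is the benign one among them) plus one constructed, ordinary document line.
SAMPLE_SCAN = r"""
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
[2011/05/10 19:33:14 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\4.0
[2011/05/13 19:05:19 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31448824
[2011/05/13 18:00:00 | 000,012,288 | ---- | M] () -- C:\Users\Lisa\Documents\notes.txt
"""

# O33 - MountPoints2\<key>\Shell\AutoRun\command - "" = <command line>
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
# [date time | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- <path>
FILE_LINE = re.compile(
    r'^\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] '
    r'(?:\([^)]*\) )?-- (?P<path>.+)$'
)
# Assumption: script payloads have no business as an AutoRun target.
SCRIPT_EXT = re.compile(r'\.(hta|vbs|vbe|js|jse|bat|cmd|wsf|scr)\b', re.IGNORECASE)
# Assumption: throwaway names are all digits, a dotted version-like token,
# or dot-prefixed, and sit directly in the profile root or C:\ProgramData.
ODD_NAME = re.compile(r'^(\.|[\d.]+$)')
DROP_DIR = re.compile(r'^C:\\(ProgramData|Users\\[^\\]+)$', re.IGNORECASE)


@dataclass
class Finding:
    line: str      # the original scan line, reusable verbatim under :OTL
    reason: str


def suspicious_autorun(cmd: str) -> Optional[str]:
    """Why an AutoRun command line looks hostile, or None if it does not."""
    low = cmd.lower()
    if 'shellexec_rundll' in low or 'rundll32' in low:
        return 'AutoRun launches its payload indirectly through rundll32'
    if SCRIPT_EXT.search(cmd):
        return 'AutoRun target is a script, not a launcher'
    return None


def suspicious_hidden(attrs: str, path: str) -> Optional[str]:
    """Hidden object with a throwaway name in a drop directory, or None."""
    if 'H' not in attrs:
        return None
    parent, name = ntpath.split(path)
    if DROP_DIR.match(parent) and ODD_NAME.match(name):
        return f'hidden object with throwaway name {name!r} directly in {parent}'
    return None


def triage(scan_text: str) -> List[Finding]:
    """Run both checks over every recognised scan line."""
    findings: List[Finding] = []
    for raw in scan_text.splitlines():
        line = raw.strip()
        m = MOUNTPOINT_CMD.match(line)
        if m:
            why = suspicious_autorun(m['cmd'])
            if why:
                findings.append(Finding(line, why))
            continue
        m = FILE_LINE.match(line)
        if m:
            why = suspicious_hidden(m['attrs'], m['path'])
            if why:
                findings.append(Finding(line, why))
    return findings


def build_fix(scan_text: str) -> str:
    """Emit the fix in the shape OTL's Custom Scans/Fixes box takes: the
    flagged scan lines verbatim under :OTL, then the same two commands the
    helper used ([resethosts] restores a stock hosts file)."""
    body = [f.line for f in triage(scan_text)]
    return '\n'.join([':OTL', *body, ':Commands', '[purity]', '[resethosts]'])


if __name__ == '__main__':
    for f in triage(SAMPLE_SCAN):
        print(f'# {f.reason}')
    print(build_fix(SAMPLE_SCAN))
```

Run it and paste the printed block into OTL only after reading each flagged line; the reasons are printed as comments above the block so a reviewer can see why each line was chosen.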
15.05.2011, 17:48 | #5

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
C:\Users\Lisa\4.0\package folder moved successfully.
C:\Users\Lisa\4.0 folder moved successfully.
C:\Users\Lisa\.tfo4\temp folder moved successfully.
C:\Users\Lisa\.tfo4\.fontRenderer folder moved successfully.
C:\Users\Lisa\.tfo4 folder moved successfully.
C:\ProgramData\31448824 moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05152011_183558

This is the log after the fix. It did not restart, though.
15.05.2011, 18:24 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

If the infection has left you unable to access your documents / My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (It may take a while.) Vista and 7 users must run the tool as administrator via right-click!
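TDSSKiller prints one line per loaded driver (timestamp, thread id, service name, MD5 of the image in parentheses, image path), as the report in the next post shows, and the reviewer's job is to skim that list for anything that does not belong. The Python below is an added example, not part of this thread and not Kaspersky's code: it parses those lines and pulls out the two things a reviewer looks for by eye, drivers whose image lives outside the Windows directory and drivers whose service name does not match the image file name. The sample lines are copied from the report posted below (the hashes are what the tool printed, not a known-good list). The one hit in the first category, MpKsl78d785e3.sys under C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates, is Microsoft Security Essentials' own definition-update driver, the kind of benign exception a reviewer has to recognise rather than something a script can decide; the mismatch check is likewise a hint, since plenty of legitimate drivers register under a different service name (aic78xx as djsvs.sys in the same report).

```python
"""Triage a TDSSKiller report: which drivers deserve a second look?

Added example for this thread; not TDSSKiller's code. The two checks are
review hints, not verdicts.
"""
import ntpath
import re
from typing import Dict, List

# timestamp  thread-id  service  (md5)  image path
DRIVER_LINE = re.compile(
    r'^(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+'
    r'(?P<service>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$'
)

# Sample input copied from the report in this thread; the first two lines
# are status output the parser must skip.
SAMPLE_REPORT = r"""
2011/05/15 19:41:02.0578 7128 Scan started
2011/05/15 19:41:02.0578 7128 Mode: Manual;
2011/05/15 19:41:03.0494 7128 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/05/15 19:41:03.0578 7128 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/05/15 19:41:16.0275 7128 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
2011/05/15 19:41:20.0421 7128 MpKsl78d785e3 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55E50FA0-CF29-450A-BC25-04E7FC49D8BD}\MpKsl78d785e3.sys
"""


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return one dict per driver line; banner and status lines are skipped."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            drivers.append(m.groupdict())
    return drivers


def outside_system_root(drivers: List[Dict[str, str]],
                        system_root: str = r'C:\windows') -> List[Dict[str, str]]:
    """Drivers whose image is not below the Windows directory. Compared
    case-insensitively because the tool prints whatever casing the
    registry holds (DRIVERS, Drivers, drivers all occur in the report)."""
    root = ntpath.normcase(system_root.rstrip('\\')) + '\\'
    return [d for d in drivers if not ntpath.normcase(d['path']).startswith(root)]


def service_vs_image_mismatch(drivers: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Drivers whose service name differs from the image's base name."""
    out = []
    for d in drivers:
        base = ntpath.splitext(ntpath.basename(d['path']))[0]
        if base.lower() != d['service'].lower():
            out.append(d)
    return out


def review(text: str) -> Dict[str, List[str]]:
    """Service names grouped by the hint that fired, plus the parsed count."""
    drivers = parse_report(text)
    return {
        'parsed': [d['service'] for d in drivers],
        'outside_system_root': [d['service'] for d in outside_system_root(drivers)],
        'name_mismatch': [d['service'] for d in service_vs_image_mismatch(drivers)],
    }


if __name__ == '__main__':
    for key, names in review(SAMPLE_REPORT).items():
        print(f'{key}: {", ".join(names) or "-"}')
```

Feed it the whole report from the next post and the first category is what to pivot on: for every hit, check the hash against a vendor source and ask why a kernel driver is loading from a data directory at all.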
15.05.2011, 18:45 | #7

Here is the report:

2011/05/15 19:40:54.0892 7928 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 19:40:55.0434 7928 ================================================================================
2011/05/15 19:40:55.0435 7928 SystemInfo:
2011/05/15 19:40:55.0435 7928
2011/05/15 19:40:55.0435 7928 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/15 19:40:55.0435 7928 Product type: Workstation
2011/05/15 19:40:55.0436 7928 ComputerName: LISASIHRER
2011/05/15 19:40:55.0437 7928 UserName: Lisa
2011/05/15 19:40:55.0437 7928 Windows directory: C:\windows
2011/05/15 19:40:55.0437 7928 System windows directory: C:\windows
2011/05/15 19:40:55.0437 7928 Processor architecture: Intel x86
2011/05/15 19:40:55.0438 7928 Number of processors: 2
2011/05/15 19:40:55.0438 7928 Page size: 0x1000
2011/05/15 19:40:55.0438 7928 Boot type: Normal boot
2011/05/15 19:40:55.0438 7928 ================================================================================
2011/05/15 19:40:57.0271 7928 Initialize success
2011/05/15 19:41:02.0577 7128 ================================================================================
2011/05/15 19:41:02.0578 7128 Scan started
2011/05/15 19:41:02.0578 7128 Mode: Manual;
2011/05/15 19:41:02.0578 7128 ================================================================================
2011/05/15 19:41:03.0494 7128 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/05/15 19:41:03.0578 7128 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/05/15 19:41:03.0717 7128 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/05/15 19:41:03.0819 7128 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/05/15 19:41:03.0972 7128 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/05/15 19:41:04.0064 7128 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/05/15 19:41:04.0265 7128 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/05/15 19:41:04.0354 7128 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/05/15 19:41:04.0496 7128 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/05/15 19:41:04.0666 7128 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/05/15 19:41:04.0747 7128 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/05/15 19:41:04.0795 7128 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/05/15 19:41:04.0859 7128 AmdK8 (00d​da200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/05/15 19:41:04.0917 7128 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/05/15 19:41:05.0065 7128 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/05/15 19:41:05.0187 7128 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/05/15 19:41:05.0317 7128 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/05/15 19:41:05.0417 7128 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/05/15 19:41:05.0579 7128 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/05/15 19:41:05.0662 7128 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/05/15 19:41:05.0829 7128 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
2011/05/15 19:41:06.0005 7128 asushwio (b6b5566b24329432e0fd1e4ed15a683b) C:\windows\system32\drivers\asushwio.sys
2011/05/15 19:41:06.0221 7128 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/05/15 19:41:06.0384 7128 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/05/15 19:41:06.0538 7128 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
2011/05/15 19:41:06.0774 7128 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/05/15 19:41:06.0970 7128 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/05/15 19:41:07.0076 7128 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/05/15 19:41:07.0231 7128 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/05/15 19:41:07.0321 7128 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/05/15 19:41:07.0388 7128 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/05/15 19:41:07.0497 7128 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/05/15 19:41:07.0648 7128 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/05/15 19:41:07.0765 7128 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/05/15 19:41:07.0858 7128 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/05/15 19:41:07.0908 7128 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/05/15 19:41:08.0050 7128 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/05/15 19:41:08.0130 7128 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/05/15 19:41:08.0175 7128 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/05/15 19:41:08.0263 7128 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/05/15 19:41:08.0406 7128 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/05/15 19:41:08.0508 7128 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
2011/05/15 19:41:08.0673 7128 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
2011/05/15 19:41:08.0864 7128 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/05/15 19:41:08.0940 7128 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
2011/05/15 19:41:09.0090 7128 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/05/15 19:41:09.0199 7128 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/05/15 19:41:09.0363 7128 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/05/15 19:41:09.0457 7128 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/05/15 19:41:09.0638 7128 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/05/15 19:41:09.0721 7128 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/05/15 19:41:09.0795 7128 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/05/15 19:41:09.0921 7128 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/05/15 19:41:10.0017 7128 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/05/15 19:41:10.0183 7128 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/05/15 19:41:10.0708 7128 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/05/15 19:41:10.0891 7128 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/05/15 19:41:11.0070 7128 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/05/15 19:41:11.0203 7128 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/05/15 19:41:11.0359 7128 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/05/15 19:41:11.0662 7128 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/05/15 19:41:11.0937 7128 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/05/15 19:41:12.0095 7128 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/05/15 19:41:12.0236 7128 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/05/15 19:41:12.0377 7128 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/05/15 19:41:12.0461 7128 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/05/15 19:41:12.0634 7128 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/05/15 19:41:12.0683 7128 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/05/15 19:41:12.0731 7128 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/05/15 19:41:12.0917 7128 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/05/15 19:41:13.0047 7128 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/05/15 19:41:13.0160 7128 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/05/15 19:41:13.0347 7128 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/05/15 19:41:13.0487 7128 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/05/15 19:41:13.0762 7128 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/05/15 19:41:13.0847 7128 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/05/15 19:41:14.0057 7128 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/05/15 19:41:14.0144 7128 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/05/15 19:41:14.0227 7128 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/05/15 19:41:14.0319 7128 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/05/15 19:41:14.0532 7128 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/05/15 19:41:14.0708 7128 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/05/15 19:41:14.0868 7128 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/05/15 19:41:15.0003 7128 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/05/15 19:41:15.0105 7128 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/05/15 19:41:15.0257 7128 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/05/15 19:41:15.0368 7128 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
2011/05/15 19:41:15.0733 7128 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/05/15 19:41:16.0064 7128 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/05/15 19:41:16.0275 7128 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
2011/05/15 19:41:16.0539 7128 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/05/15 19:41:16.0620 7128 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/05/15 19:41:16.0772 7128 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/05/15 19:41:16.0868 7128 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/05/15 19:41:17.0010 7128 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/05/15 19:41:17.0081 7128 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/05/15 19:41:17.0214 7128 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/05/15 19:41:17.0290 7128 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/05/15 19:41:17.0424 7128 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/05/15 19:41:17.0537 7128 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/05/15 19:41:17.0692 7128 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
2011/05/15 19:41:17.0774 7128 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/05/15 19:41:17.0854 7128 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/05/15 19:41:18.0015 7128 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
2011/05/15 19:41:18.0162 7128 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/05/15 19:41:18.0345 7128 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/05/15 19:41:18.0414 7128 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/05/15 19:41:18.0513 7128 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/05/15 19:41:18.0585 7128 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/05/15 19:41:18.0761 7128 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/05/15 19:41:18.0945 7128 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/05/15 19:41:19.0040 7128 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/05/15 19:41:19.0207 7128 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/05/15 19:41:19.0297 7128 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/05/15 19:41:19.0453 7128 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/05/15 19:41:19.0564 7128 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/05/15 19:41:19.0700 7128 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/05/15 19:41:19.0940 7128 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
2011/05/15 19:41:20.0055 7128 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/05/15 19:41:20.0421 7128 MpKsl78d785e3 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55E50FA0-CF29-450A-BC25-04E7FC49D8BD}\MpKsl78d785e3.sys
2011/05/15 19:41:20.0710 7128 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/05/15 19:41:20.0788 7128 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/05/15 19:41:20.0935 7128 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/05/15 19:41:21.0036 7128 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/05/15 19:41:21.0186 7128 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/05/15 19:41:21.0270 7128 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/05/15 19:41:21.0397 7128 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/05/15 19:41:21.0470 7128 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/05/15 19:41:21.0647 7128 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/05/15 19:41:21.0719 7128 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/05/15 19:41:21.0776 7128 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/05/15 19:41:21.0949 7128 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/05/15 19:41:22.0132 7128 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/05/15 19:41:22.0177 7128 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/05/15 19:41:22.0273 7128 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/05/15 19:41:22.0429 7128 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/05/15 19:41:22.0480 7128 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/05/15 19:41:22.0538 7128 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/05/15 19:41:22.0673 7128 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/05/15 19:41:22.0758 7128 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/05/15 19:41:22.0915 7128 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/05/15 19:41:23.0072 7128 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/05/15 19:41:23.0150 7128 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/05/15 19:41:23.0210 7128 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/05/15 19:41:23.0342 7128 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/05/15 19:41:23.0408 7128 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/05/15
19:41:23.0545 7128 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 2011/05/15 19:41:23.0624 7128 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys 2011/05/15 19:41:23.0853 7128 netr28 (596e25b4631df2be98fd2bade8bcc625) C:\windows\system32\DRIVERS\netr28.sys 2011/05/15 19:41:24.0069 7128 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 2011/05/15 19:41:24.0174 7128 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\windows\system32\DRIVERS\NisDrvWFP.sys 2011/05/15 19:41:24.0347 7128 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 2011/05/15 19:41:24.0439 7128 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 2011/05/15 19:41:24.0564 7128 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys 2011/05/15 19:41:24.0737 7128 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 2011/05/15 19:41:24.0832 7128 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys 2011/05/15 19:41:24.0965 7128 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys 2011/05/15 19:41:25.0059 7128 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys 2011/05/15 19:41:25.0205 7128 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys 2011/05/15 19:41:25.0325 7128 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 2011/05/15 19:41:25.0378 7128 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys 2011/05/15 19:41:25.0503 7128 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 2011/05/15 19:41:25.0607 7128 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys 2011/05/15 19:41:25.0665 7128 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys 2011/05/15 
19:41:25.0822 7128 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 2011/05/15 19:41:25.0881 7128 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 2011/05/15 19:41:25.0957 7128 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 2011/05/15 19:41:26.0332 7128 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 2011/05/15 19:41:26.0399 7128 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 2011/05/15 19:41:26.0591 7128 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 2011/05/15 19:41:26.0705 7128 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 2011/05/15 19:41:26.0914 7128 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 2011/05/15 19:41:26.0993 7128 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 2011/05/15 19:41:27.0051 7128 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 2011/05/15 19:41:27.0193 7128 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 2011/05/15 19:41:27.0310 7128 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 2011/05/15 19:41:27.0471 7128 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 2011/05/15 19:41:27.0529 7128 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 2011/05/15 19:41:27.0608 7128 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys 2011/05/15 19:41:27.0761 7128 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 2011/05/15 19:41:27.0880 7128 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys 2011/05/15 19:41:28.0032 7128 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) 
C:\windows\system32\drivers\rdpencdd.sys 2011/05/15 19:41:28.0118 7128 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 2011/05/15 19:41:28.0190 7128 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys 2011/05/15 19:41:28.0328 7128 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys 2011/05/15 19:41:28.0458 7128 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 2011/05/15 19:41:28.0684 7128 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 2011/05/15 19:41:28.0797 7128 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys 2011/05/15 19:41:28.0974 7128 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys 2011/05/15 19:41:29.0181 7128 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 2011/05/15 19:41:29.0292 7128 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 2011/05/15 19:41:29.0437 7128 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 2011/05/15 19:41:29.0585 7128 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 2011/05/15 19:41:29.0725 7128 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys 2011/05/15 19:41:29.0788 7128 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys 2011/05/15 19:41:29.0953 7128 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys 2011/05/15 19:41:30.0020 7128 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 2011/05/15 19:41:30.0114 7128 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys 2011/05/15 19:41:30.0200 7128 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys 2011/05/15 19:41:30.0326 7128 
SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys 2011/05/15 19:41:30.0425 7128 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys 2011/05/15 19:41:30.0630 7128 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 2011/05/15 19:41:30.0873 7128 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys 2011/05/15 19:41:30.0946 7128 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys 2011/05/15 19:41:31.0008 7128 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys 2011/05/15 19:41:31.0173 7128 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 2011/05/15 19:41:31.0279 7128 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys 2011/05/15 19:41:31.0462 7128 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys 2011/05/15 19:41:31.0661 7128 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys 2011/05/15 19:41:31.0886 7128 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys 2011/05/15 19:41:32.0061 7128 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys 2011/05/15 19:41:32.0201 7128 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys 2011/05/15 19:41:32.0330 7128 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys 2011/05/15 19:41:32.0424 7128 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys 2011/05/15 19:41:32.0633 7128 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys 2011/05/15 19:41:32.0840 7128 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys 2011/05/15 19:41:32.0997 7128 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys 2011/05/15 19:41:33.0078 7128 uagp35 
(750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 2011/05/15 19:41:33.0155 7128 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys 2011/05/15 19:41:33.0369 7128 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys 2011/05/15 19:41:33.0453 7128 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys 2011/05/15 19:41:33.0627 7128 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 2011/05/15 19:41:33.0757 7128 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys 2011/05/15 19:41:33.0889 7128 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys 2011/05/15 19:41:33.0970 7128 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys 2011/05/15 19:41:34.0091 7128 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys 2011/05/15 19:41:34.0221 7128 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys 2011/05/15 19:41:34.0332 7128 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 2011/05/15 19:41:34.0439 7128 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\drivers\USBSTOR.SYS 2011/05/15 19:41:34.0551 7128 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys 2011/05/15 19:41:34.0679 7128 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys 2011/05/15 19:41:34.0845 7128 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys 2011/05/15 19:41:34.0955 7128 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 2011/05/15 19:41:35.0077 7128 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 2011/05/15 19:41:35.0197 7128 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys 2011/05/15 19:41:35.0309 
7128 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys 2011/05/15 19:41:35.0404 7128 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 2011/05/15 19:41:35.0467 7128 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys 2011/05/15 19:41:35.0529 7128 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys 2011/05/15 19:41:35.0655 7128 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 2011/05/15 19:41:35.0774 7128 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys 2011/05/15 19:41:35.0910 7128 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 2011/05/15 19:41:36.0024 7128 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 2011/05/15 19:41:36.0154 7128 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 2011/05/15 19:41:36.0323 7128 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys 2011/05/15 19:41:36.0431 7128 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 2011/05/15 19:41:36.0571 7128 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 2011/05/15 19:41:36.0644 7128 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys 2011/05/15 19:41:36.0786 7128 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 2011/05/15 19:41:36.0889 7128 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 2011/05/15 19:41:37.0191 7128 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 2011/05/15 19:41:37.0320 7128 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 2011/05/15 19:41:37.0635 7128 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys 
2011/05/15 19:41:37.0814 7128 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 2011/05/15 19:41:37.0932 7128 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys 2011/05/15 19:41:38.0067 7128 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys 2011/05/15 19:41:38.0259 7128 ================================================================================ 2011/05/15 19:41:38.0260 7128 Scan finished 2011/05/15 19:41:38.0260 7128 ================================================================================ |
15.05.2011, 19:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a forum expert (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
15.05.2011, 19:58 | #9 |
| How do I disable antivirus: Microsoft Security Essentials and antispyware: Microsoft Security Essentials? |
15.05.2011, 20:53 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You are expressly allowed to look up such simple things yourself. Under Settings, uncheck the top box (real-time protection).
16.05.2011, 02:52 | #11 |
| ComboFix logfile: Code:
ComboFix 11-05-15.03 - Lisa 16.05.2011 3:11.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.2039.1170 [GMT 2:00]
ausgeführt von:: c:\users\Lisa\Desktop\cofi.exe.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Lisa\OTL.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-16 bis 2011-05-16 ))))))))))))))))))))))))))))))
.
.
2011-05-16 01:42 . 2011-05-16 01:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-15 16:35 . 2011-05-15 16:35 -------- d-----w- C:\_OTL
2011-05-13 18:29 . 2011-05-13 18:29 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes
2011-05-13 18:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 18:29 . 2011-05-13 18:29 -------- d-----w- c:\programdata\Malwarebytes
2011-05-13 18:29 . 2011-05-13 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 18:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 13:53 . 2011-04-14 16:26 711672 ----a-w- c:\program files\Mozilla Firefox\helper.exe
2011-05-11 13:53 . 2011-04-14 16:26 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 13:53 . 2011-04-14 16:25 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 13:53 . 2011-04-14 16:25 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 13:53 . 2011-04-14 16:25 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 13:53 . 2011-04-14 16:25 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 13:53 . 2011-04-14 16:25 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 13:53 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 13:53 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 07:21 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 07:21 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-27 17:25 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 17:24 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:24 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:24 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:24 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:24 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 17:24 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 17:24 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:24 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:24 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 17:23 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 17:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 05:40 . 2011-04-15 02:17 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-15 02:17 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-15 02:17 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 02:18 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 02:18 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 02:17 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-15 02:17 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-15 02:18 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-15 02:18 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-15 02:18 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-15 02:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-23 05:06 . 2011-04-15 02:18 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-15 02:18 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-15 02:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-15 02:17 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-15 02:17 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-15 02:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-15 02:17 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 05:33 . 2011-03-09 04:04 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 04:04 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 04:04 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-04-15 02:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-15 02:18 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:36 . 2011-04-15 02:18 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 16:26 . 2011-05-11 13:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24 2736736 ----a-w- c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"PDFPrint"="c:\users\Lisa\Downloads\PDF24\pdf24.exe" [2010-12-14 216456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 MpKsl3d69d22b;MpKsl3d69d22b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2364BB9-7D04-4D43-9424-BA14B0398E10}\MpKsl3d69d22b.sys [x]
R1 MpKslee86f52e;MpKslee86f52e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{645E8158-4B5F-4626-9DD0-AEC15A0DF0BB}\MpKslee86f52e.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-11 626688]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 MpKsl4330bb19;MpKsl4330bb19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89DF136D-E8AE-4214-A117-09D1D7610AEA}\MpKsl4330bb19.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*NewlyCreated* - MPKSL3695926B
*NewlyCreated* - MPKSL78D785E3
*Deregistered* - klmd25
*Deregistered* - MpKsl3695926b
*Deregistered* - MpKsl78d785e3
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\88g6p2db.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-16 03:48:32
ComboFix-quarantined-files.txt 2011-05-16 01:48
.
Vor Suchlauf: 8 Verzeichnis(se), 47.230.185.472 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 47.077.879.808 Bytes frei
.
- - End Of File - - D423AF3D5F1A7358E296A05F6F5E1AB0
16.05.2011, 12:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
16.05.2011, 22:40 | #13 |
| I have just uninstalled them. To be sure they are gone, I also had an OTM log made: OTL logfile: Code:
OTL logfile created on: 5/16/2011 11:25:48 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lisa\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 43.80 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: LISASIHRER | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lisa\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

========== Modules (SafeList) ==========

MOD - C:\Users\Lisa\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

========== Driver Services (SafeList) ==========

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems:
{40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 15:54:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 15:53:04 | 000,000,000 | ---D | M] [2010/04/10 10:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions [2011/05/16 23:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions [2010/11/03 01:04:15 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2011/04/29 16:35:16 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/04/24 06:24:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/07/06 11:47:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011/04/29 16:35:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\engine@conduit.com [2010/03/24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\88g6p2db.default\searchplugins\conduit.xml [2011/05/11 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/08/06 06:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/11 15:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/12/15 06:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/12/27 06:32:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\LISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\88G6P2DB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2011/05/16 03:43:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.122.1.1 71.250.0.12 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== 
[2011/05/16 03:48:36 | 000,000,000 | ---D | C] -- C:\windows\temp [2011/05/16 03:46:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/05/16 03:09:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2011/05/16 03:09:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2011/05/16 03:09:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2011/05/16 03:07:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe [2011/05/16 02:49:27 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/05/15 20:58:07 | 000,000,000 | ---D | C] -- C:\windows\ERDNT [2011/05/15 20:34:23 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/05/15 19:37:30 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe [2011/05/15 18:35:58 | 000,000,000 | ---D | C] -- C:\_OTL [2011/05/13 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes [2011/05/13 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/05/13 20:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/13 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/05/13 20:29:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/05/13 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/05/13 19:05:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery [2011/05/11 09:21:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2011/05/11 09:21:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/04/27 19:25:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe [2011/04/27 19:24:50 | 001,686,016 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\esent.dll [2011/04/27 19:24:49 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys [2011/04/27 19:24:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe [2011/04/27 19:23:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll [2011/04/27 19:22:29 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2009/08/18 19:14:32 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011/05/16 22:30:04 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/16 22:30:03 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/16 22:27:42 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/05/16 22:27:42 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/05/16 22:27:42 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/05/16 22:27:42 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/05/16 22:22:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/05/16 22:22:40 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys [2011/05/16 03:43:01 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2011/05/16 03:07:19 | 004,348,896 | R--- | M] () -- C:\Users\Lisa\Desktop\cofi.exe.exe [2011/05/15 20:43:44 | 000,013,744 | ---- | M] () -- C:\Users\Lisa\Desktop\firefox - Verknüpfung.lnk [2011/05/15 19:38:08 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe [2011/05/13 20:29:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/13 19:05:33 | 000,000,635 | ---- | M] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk 
[2011/05/08 19:26:40 | 000,000,100 | ---- | M] () -- C:\Users\Lisa\Desktop\verkleinerer.set [2011/04/24 06:20:53 | 000,319,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011/05/16 03:09:06 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe [2011/05/16 03:09:06 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2011/05/16 03:09:06 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe [2011/05/16 03:09:06 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2011/05/16 03:09:06 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2011/05/15 20:43:44 | 000,013,744 | ---- | C] () -- C:\Users\Lisa\Desktop\firefox - Verknüpfung.lnk [2011/05/15 20:31:28 | 004,348,896 | R--- | C] () -- C:\Users\Lisa\Desktop\cofi.exe.exe [2011/05/13 20:29:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/05/13 19:05:33 | 000,000,635 | ---- | C] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk [2010/06/02 13:30:40 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2010/05/01 15:29:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010/04/22 18:26:06 | 000,014,336 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/10 11:11:48 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2009/10/26 10:11:16 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2009/10/26 10:11:16 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2009/10/26 10:08:53 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2009/10/26 10:05:52 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2009/07/26 03:28:45 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/07/26 03:28:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/07/26 
03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,319,456 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat < End of report > |
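A first-pass triage script for OTL reports, added here as an example; it is not from the thread and not part of OldTimer's tool. It applies the checks a helper makes by eye on the log above: browser start page and Firefox search preferences pointed at a toolbar search host (the conduit entries), BHO/toolbar/button entries whose target no longer exists ("No CLSID value found", "File not found"), Run-key autostarts that launch from a user-writable directory with no company name (the pattern of the rogue vkluvroisaeycn.exe that Malwarebytes removed earlier in the thread), hosts-file lines other than localhost, and files under %SystemRoot% that are either the helpers ComboFix drops (SWREG.exe, PEV.exe, MBR.exe and friends, which follow the cofi.exe run in this log) or executables without a company resource that deserve a hash check. The sample lines are constructed to mirror the posted report; the Run entry is reconstructed from the Malwarebytes log and the second hosts line is invented to exercise that rule. The PUP host list and the ComboFix helper list are assumptions, kept minimal and marked in the code.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Assumption: a minimal list of toolbar/PUP search hosts; real triage uses a maintained list.
PUP_SEARCH_HOSTS = {"search.conduit.com"}
# Helper binaries ComboFix extracts into %SystemRoot%; in the log above they appear
# minutes after cofi.exe (the renamed ComboFix) was run, so they are tool artefacts.
COMBOFIX_HELPERS = {"swreg.exe", "swsc.exe", "swxcacls.exe", "nircmd.exe",
                    "pev.exe", "sed.exe", "mbr.exe", "grep.exe", "zip.exe"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

URL_RE = re.compile(r"hxxps?://\S+", re.I)   # OTL defangs http:// as hxxp://
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[[^\]]+\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
FILE_RE = re.compile(r"^\[(?P<date>\d{4}/\d{2}/\d{2}) [^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def _pup_host(line: str) -> Optional[str]:
    """Return the first defanged URL host on the line that is a known PUP search host."""
    for url in URL_RE.findall(line):
        host = (urlsplit(url.replace("hxxp", "http", 1)).hostname or "").lower()
        if host in PUP_SEARCH_HOSTS:
            return host
    return None


def triage(report: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. IE start page / Firefox search prefs pointed at a toolbar search host
        if line.startswith(("IE - ", "FF - ")):
            host = _pup_host(line)
            if host:
                findings.append(Finding("browser-hijack", f"browser setting points at {host}", line))
        # 2. BHO / toolbar / IE button entries whose target object or file is gone
        if line.startswith(("O2 - ", "O3 - ", "O9 - ")) and (
                "No CLSID value found" in line or "File not found" in line):
            findings.append(Finding("orphaned-entry", "registry entry points at a missing object", line))
        # 3. Run-key autostart from a user-writable directory with no company name
        m = RUN_RE.match(line)
        if m and not m.group("company").strip() and any(
                d in m.group("path").lower() for d in USER_WRITABLE):
            findings.append(Finding("autostart-user-writable",
                                    "no publisher, launched from a user-writable path", line))
        # 4. hosts-file lines other than the localhost mapping
        m = HOSTS_RE.match(line)
        if m and m.group("host").lower() != "localhost":
            findings.append(Finding("hosts-override", f"{m.group('host')} -> {m.group('ip')}", line))
        # 5. files under %SystemRoot%: known tool droppings vs. executables with no company resource
        m = FILE_RE.match(line)
        if m and m.group("path").lower().startswith("c:\\windows\\"):
            base = m.group("path").rsplit("\\", 1)[-1].lower()
            if base in COMBOFIX_HELPERS:
                findings.append(Finding("tool-artifact", "ComboFix helper, expected after the cofi.exe run", line))
            elif not m.group("company").strip() and base.endswith((".exe", ".dll", ".sys")):
                findings.append(Finding("systemroot-unsigned", "no company resource; verify hash/signature", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample shaped like the OTL report above. The HKCU Run line is rebuilt
# from the Malwarebytes log earlier in the thread; the second hosts line is invented.
SAMPLE_OTL = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [vKLuVrOIsaEYCN] C:\ProgramData\vkluvroisaeycn.exe ()
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.test
[2011/05/16 03:09:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/05/16 03:09:06 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2009/10/26 10:11:16 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.rule:24} {f.detail}")
    print(summarize(triage(SAMPLE_OTL)))
```

The script only raises questions a helper still has to answer by hand: the "tool-artifact" entries are expected after ComboFix and need no action, and "systemroot-unsigned" means the PE carries no company resource (true of several ASUS files here), not that it is malicious. Hashing those files against the vendor's copies is the follow-up.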
16.05.2011, 23:00 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just leave it out.
Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
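What a boot-sector check of this kind actually does, as an added example that is not from the thread and not MBRCheck's own code: read the 512-byte master boot record, verify the 0x55AA signature, list the partition table, and compare the boot code against a known-good image so that a patched bootloader stands out. MBRCheck reports whether the boot code matches a known Windows or OEM bootloader; here, as a stated assumption, the reference hash is computed from a constructed clean sector rather than from a vendor list. The sector itself is constructed: a placeholder boot stub plus two NTFS partitions sized like the C: and D: drives in the OTL report above.

```python
import hashlib
import struct
from typing import Dict, List, Tuple

SECTOR = 512
BOOTCODE_LEN = 440       # boot code; bytes 440-443 hold the disk signature, 444-445 are reserved
PTABLE_OFF = 446         # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55AA marks a valid boot sector
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def build_mbr(bootcode: bytes, partitions: List[Tuple[bool, int, int, int]],
              disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a sector from boot code and (active, type, lba_start, sectors) tuples."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("boot code too long")
    buf = bytearray(SECTOR)
    buf[:len(bootcode)] = bootcode
    struct.pack_into("<I", buf, BOOTCODE_LEN, disk_sig)
    for i, (active, ptype, start, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, buf, PTABLE_OFF + 16 * i, 0x80 if active else 0x00, ptype, start, count)
    buf[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(buf)


def parse_partitions(mbr: bytes) -> List[Dict]:
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, mbr, PTABLE_OFF + 16 * i)
        if ptype != 0:   # type 0 means an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": start, "sectors": count})
    return parts


def bootcode_sha256(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_sha256: str) -> Dict:
    """Signature, boot-code match against a reference, and partition-table sanity."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    problems = []
    if mbr[SIGNATURE_OFF:] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    if bootcode_sha256(mbr) != known_good_sha256:
        problems.append("boot code differs from known-good image")
    parts = parse_partitions(mbr)
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    if any(p["lba_start"] == 0 for p in parts):
        problems.append("partition starts at sector 0")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    if any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])):
        problems.append("partition entries overlap")
    return {"bootcode_sha256": bootcode_sha256(mbr), "partitions": parts, "problems": problems}


def patch_bootcode(mbr: bytes) -> bytes:
    """Overwrite the entry point with a near jump, the footprint of a bootkit hooking the boot path."""
    buf = bytearray(mbr)
    buf[0:3] = b"\xe9\x00\x01"
    return bytes(buf)


# Constructed clean sector: real-mode prologue 'cli; xor ax,ax; mov ss,ax; mov sp,0x7c00'
# padded with NOPs, and two NTFS partitions sized like the C:/D: drives in the OTL report.
BOOTCODE_STUB = bytes.fromhex("fa31c08ed0bc007c") + b"\x90" * 24
PARTITIONS = [(True, 0x07, 2048, 167_772_160), (False, 0x07, 167_774_208, 123_797_504)]
CLEAN_MBR = build_mbr(BOOTCODE_STUB, PARTITIONS)
KNOWN_GOOD = bootcode_sha256(CLEAN_MBR)   # assumption: stands in for a vendor reference hash
PATCHED_MBR = patch_bootcode(CLEAN_MBR)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        print(name, check_mbr(sector, KNOWN_GOOD)["problems"] or "OK")
```

On a live system the sector comes from the raw disk device (\\.\PhysicalDrive0 on Windows), and a bootkit that filters disk reads can hand back the clean sector to anything running under the infected OS; that is why helpers ask for the MBR read from a boot CD or a clean environment when the result looks suspicious.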
17.05.2011, 03:08 | #15 |
GMER:

GMER Logfile:
Code:
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-17 04:05:53
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: 63rbhrw0.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\kxtdquow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                      81E60569 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                               81E85092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000047                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015aff487d1
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015aff487d1 (not active ControlSet)

---- EOF - GMER 1.0.15 ----