| |
| |||||||
Log-Analyse und Auswertung: Windows Recovery eingefangen!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.05.2011, 10:42
| #1 |
 |  Windows Recovery eingefangen! Hallo, ich bin durch eine Google-Suche auf dieses Forum aufmerksam geworden. Mir ist aufgefallen, dass hier auch kompletten Computer-Laien wie mir kompetent geholfen wird. Hier von meiner Seite erst einmal großes Lob! Heute Morgen hat mich auf meinem Rechner nach dem Hochfahren ein schwarzer Bildschirm und ein sogenanntes "Windows Recovery" Fenster erwartet und mir kundgetan, dass mein PC kritische Festplatten-Probleme, etc. hätte. Nach einer Suche zu diesem Thema bin ich auf eure Anleitung gestoßen: "Windows Recovery entfernen" Diese Schritte habe ich nun abgearbeitet. Wiindows Recovery scheint entfernt, jedoch sitze ich immer noch einem schwarzen Desktop gegenüber incl. immer noch versteckter Desktop-Symbole und auch meine Task-Leiste besteht überwiegend aus weißen Blättern statt programmspezifischen Symbolen. Ich hoffe ihr könnt mir bei diesem Problem weiterhelfen. Vielen Dank schon mal im Voraus für die Hilfe Im Anhang nun die Log-Files von Malwarebytes und OTL |
|
16.05.2011, 14:32
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows Recovery eingefangen!Zitat:
Deinstallier bei der Gelegenheit auch alle besch... Toolbars (falls vorhanden) und andere sinnfreie/unnötige Software. Mach danach ein neues OTL-Log: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
16.05.2011, 15:54
| #3 |
| | Windows Recovery eingefangen! Vielen Dank für die schnelle Antwort.
__________________OK Comodo ist weg. Soweit möglich hab ich jetzt auch weitere unnötige Software entfernt. Hier nun die neue OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.05.2011 16:45:12 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\boelzebub\Desktop 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 12,00 Gb Total Physical Memory | 10,00 Gb Available Physical Memory | 85,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 288 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 247,92 Gb Total Space | 111,32 Gb Free Space | 44,90% Space Free | Partition Type: NTFS Drive D: | 195,21 Gb Total Space | 123,19 Gb Free Space | 63,10% Space Free | Partition Type: NTFS Drive E: | 488,28 Gb Total Space | 156,41 Gb Free Space | 32,03% Space Free | Partition Type: NTFS Computer Name: BOELZEBUB-PC | User Name: boelzebub | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.16 11:05:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2008.04.15 12:31:48 | 001,675,264 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe PRC - [2007.01.19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe ========== Modules (SafeList) ========== MOD - [2011.05.16 11:05:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.05.02 21:41:14 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll -- (Akamai) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.05.04 16:26:11 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.04.01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.04.01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.01.07 17:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.01.06 20:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.08.16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2010.08.16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010.01.02 11:43:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.01.02 11:43:02 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.01.02 11:32:47 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.09.23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2008.11.04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.11.04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2008.11.04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2008.11.04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2008.11.04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008.11.04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2008.09.09 12:41:12 | 000,047,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc) DRV:64bit: - [2008.09.09 12:40:48 | 000,926,208 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda) DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus) DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D A5 44 0B A5 13 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.13 10:54:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.13 10:54:25 | 000,000,000 | ---D | M] [2011.05.16 16:04:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\boelzebub\AppData\Roaming\mozilla\Extensions [2010.08.03 11:55:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\boelzebub\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.05.16 16:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.05 09:04:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.13 05:21:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.20 15:15:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.04 08:25:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.12 17:36:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.03 03:47:42 | 000,292,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\nppanda3d.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link) O4 - HKLM..\Run: [iTunesHelper] File not found O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell - "" = AutoRun O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell\AutoRun\command - "" = N:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.16 16:24:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.05.16 15:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.16 15:48:50 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.05.16 15:48:50 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.05.16 15:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.05.16 11:05:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe [2011.05.16 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\boelzebub\AppData\Roaming\Malwarebytes [2011.05.16 08:37:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.16 08:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.16 08:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.16 08:37:23 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.16 08:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.16 07:31:31 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery [2011.05.16 07:30:04 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Local\COMODO [2011.05.11 08:56:13 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\Platinum [2011.05.11 08:51:01 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\EmeraldSword - Moderate [2011.05.09 08:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quests and Legends [2011.05.08 17:11:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\FreeRIP [2011.05.08 17:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3 [2011.05.08 17:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeRIP3 [2011.05.04 16:26:11 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.05.04 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO [2011.05.04 11:11:33 | 000,000,000 | -H-D | C] -- C:\VritualRoot [2011.05.04 11:05:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Comodo [2011.05.04 10:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.05.04 10:41:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.05.04 08:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2011.05.04 08:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer [2011.05.04 08:20:41 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\ProtectDISC [2011.05.03 10:13:58 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Local\Panda3D [2011.05.03 10:13:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Panda3D [2011.05.02 11:22:01 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\NFG Downloads [2011.05.02 11:16:41 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\Documents\NFG Home [2011.05.02 11:16:40 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\News File Grabber [2011.05.02 11:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSBR-Software [2011.05.02 11:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\News File Grabber [2011.04.22 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2010.04.21 19:17:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC64A.dll [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.16 16:40:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000UA.job [2011.05.16 16:30:12 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.16 16:30:12 | 000,013,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.16 16:22:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.16 16:22:08 | 1066,754,046 | -HS- | M] () -- C:\hiberfil.sys [2011.05.16 16:21:27 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2011.05.16 15:48:55 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.16 15:44:01 | 000,001,500 | ---- | M] () -- C:\Windows\SysNative\.ini [2011.05.16 11:05:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\boelzebub\Desktop\OTL.exe [2011.05.16 08:37:27 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.16 08:05:13 | 001,642,148 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.16 08:05:13 | 000,707,300 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.16 08:05:13 | 000,660,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.16 08:05:13 | 000,152,892 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.16 08:05:13 | 000,125,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.16 07:39:22 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000Core.job [2011.05.16 07:31:39 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44883704r [2011.05.16 07:31:39 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44883704 [2011.05.16 07:31:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44883704 [2011.05.08 17:12:50 | 000,001,492 | -H-- | M] () -- C:\ProgramData\ss.ini [2011.05.08 17:10:40 | 000,001,020 | -H-- | M] () -- C:\Users\boelzebub\Desktop\FreeRIP.lnk [2011.05.06 09:22:50 | 000,007,618 | -H-- | M] () -- C:\Users\boelzebub\AppData\Local\Resmon.ResmonCfg [2011.05.04 16:26:11 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.05.04 10:41:50 | 000,168,712 | -H-- | M] () -- C:\Users\boelzebub\Documents\cc_20110504_104134.reg [2011.05.04 08:21:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.16 15:48:55 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.16 15:44:01 | 000,001,500 | ---- | C] () -- C:\Windows\SysNative\.ini [2011.05.16 08:37:27 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.16 07:31:39 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~44883704r [2011.05.16 07:31:39 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44883704 [2011.05.16 07:31:29 | 000,000,344 | -H-- | C] () -- C:\ProgramData\44883704 [2011.05.08 17:12:50 | 000,001,492 | -H-- | C] () -- C:\ProgramData\ss.ini [2011.05.08 17:10:40 | 000,001,746 | -H-- | C] () -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickStores.lnk [2011.05.08 17:10:40 | 000,001,020 | -H-- | C] () -- C:\Users\boelzebub\Desktop\FreeRIP.lnk [2011.05.06 09:22:50 | 000,007,618 | -H-- | C] () -- C:\Users\boelzebub\AppData\Local\Resmon.ResmonCfg [2011.05.04 11:10:42 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat [2011.05.04 10:41:37 | 000,168,712 | -H-- | C] () -- C:\Users\boelzebub\Documents\cc_20110504_104134.reg [2011.05.04 08:20:44 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001467.LCS [2011.02.27 21:11:37 | 000,011,264 | -H-- | C] () -- C:\Users\boelzebub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.05 23:08:55 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.05 23:08:49 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.11.19 16:20:03 | 000,000,075 | -H-- | C] () -- C:\ProgramData\nvUnsupRes.dat [2010.09.22 16:05:00 | 000,000,097 | -H-- | C] () -- C:\Users\boelzebub\AppData\Local\fusioncache.dat [2010.04.20 22:18:46 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2009.11.29 20:40:59 | 001,604,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.11.06 22:06:02 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\WlanApp.dll [2009.11.06 22:06:02 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\JJAKEn.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.11.01 18:10:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\2K Sports [2011.02.03 21:31:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Amazon [2010.01.24 19:35:28 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Babylon [2010.07.16 17:36:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\BlackBean [2010.04.01 08:15:43 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Bump Technologies, Inc [2010.01.02 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\DAEMON Tools Lite [2010.01.24 01:56:15 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\fltk.org [2011.05.04 11:09:29 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Free Download Manager [2010.04.20 22:18:46 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\FreeAudioPack [2010.12.05 23:06:27 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Leadertech [2010.08.12 12:58:20 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade [2010.05.09 01:41:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade Warband [2010.04.20 18:53:16 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NCH Swift Sound [2011.05.02 11:16:40 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\News File Grabber [2011.05.04 08:20:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\ProtectDISC [2011.04.16 11:21:24 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Software4u [2010.04.21 20:37:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Sony [2010.08.19 14:08:11 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Subversion [2010.08.03 11:55:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\TomTom [2010.09.24 10:20:44 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Turbine [2009.12.05 18:02:31 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Ubisoft [2011.03.27 22:28:49 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\uTorrent [2011.04.16 11:18:42 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\WindSolutions [2011.03.30 07:20:30 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.11.01 18:10:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\2K Sports [2010.03.10 08:08:50 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Adobe [2011.02.03 21:31:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Amazon [2011.04.16 11:26:14 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Apple Computer [2010.01.24 19:35:28 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Babylon [2010.07.16 17:36:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\BlackBean [2010.04.01 08:15:43 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Bump Technologies, Inc [2010.01.02 11:35:38 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\DAEMON Tools Lite [2011.05.03 10:18:37 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\DivX [2010.07.19 09:13:37 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\dvdcss [2010.01.24 01:56:15 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\fltk.org [2011.05.04 11:09:29 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Free Download Manager [2010.04.20 22:18:46 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\FreeAudioPack [2009.10.31 20:26:50 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Identities [2009.11.06 22:05:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\InstallShield [2010.12.05 23:06:27 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Leadertech [2009.11.09 09:50:22 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Macromedia [2011.05.16 08:37:39 | 000,000,000 | ---D | M] -- C:\Users\boelzebub\AppData\Roaming\Malwarebytes [2009.07.14 20:18:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Media Center Programs [2011.02.28 22:34:40 | 000,000,000 | --SD | M] -- C:\Users\boelzebub\AppData\Roaming\Microsoft [2010.08.12 12:58:20 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade [2010.05.09 01:41:08 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mount&Blade Warband [2011.05.16 16:04:54 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Mozilla [2009.12.24 13:51:42 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NCH Software [2010.04.20 18:53:16 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NCH Swift Sound [2011.05.02 11:16:40 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\News File Grabber [2010.05.31 13:56:21 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\NVIDIA [2011.05.04 08:20:41 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\ProtectDISC [2011.04.16 11:21:24 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Software4u [2010.04.21 20:37:34 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Sony [2010.08.19 14:08:11 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Subversion [2010.08.03 11:55:07 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\TomTom [2010.09.24 10:20:44 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Turbine [2009.12.05 18:02:31 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\Ubisoft [2011.03.27 22:28:49 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\uTorrent [2011.03.09 21:44:25 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\vlc [2011.04.16 11:18:42 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\WindSolutions [2011.02.15 09:32:49 | 000,000,000 | -H-D | M] -- C:\Users\boelzebub\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.10.02 10:11:08 | 002,788,816 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\boelzebub\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011.05.04 09:39:48 | 001,431,160 | -H-- | M] (Phoenix Studio) -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Templates\The_World.exe [2011.04.16 11:18:45 | 003,461,672 | -H-- | M] (WindSolutions) -- C:\Users\boelzebub\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\boelzebub\AppData\Local\Temp\RarSFX1\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\boelzebub\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
16.05.2011, 20:26
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery eingefangen! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKCU..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell - "" = AutoRun
O33 - MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\Shell\AutoRun\command - "" = N:\Autorun.exe
[2011.05.16 07:31:31 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011.05.16 07:30:04 | 000,000,000 | -H-D | C] -- C:\Users\boelzebub\AppData\Local\COMODO
[2011.05.04 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2011.05.16 07:31:39 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~44883704r
[2011.05.16 07:31:39 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44883704
[2011.05.16 07:31:29 | 000,000,344 | -H-- | M] () -- C:\ProgramData\44883704
[2011.05.04 08:21:56 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS
[2011.05.08 17:12:50 | 000,001,492 | -H-- | C] () -- C:\ProgramData\ss.ini
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.05.2011, 21:13
| #5 |
| | Windows Recovery eingefangen! OK ist erledigt ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed331866-f781-11de-b73c-90e6ba4492bf}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed331866-f781-11de-b73c-90e6ba4492bf}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed331866-f781-11de-b73c-90e6ba4492bf}\ not found. File N:\Autorun.exe not found. C:\Users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery folder moved successfully. C:\Users\boelzebub\AppData\Local\COMODO\.tmp folder moved successfully. C:\Users\boelzebub\AppData\Local\COMODO folder moved successfully. C:\Users\Public\Documents\COMODO\vaplugin folder moved successfully. C:\Users\Public\Documents\COMODO\temp folder moved successfully. C:\Users\Public\Documents\COMODO\binaries folder moved successfully. C:\Users\Public\Documents\COMODO folder moved successfully. C:\ProgramData\~44883704r moved successfully. C:\ProgramData\~44883704 moved successfully. C:\ProgramData\44883704 moved successfully. C:\Users\Public\Documents\00001467.LCS moved successfully. C:\ProgramData\ss.ini moved successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.22.3 log created on 05162011_221411 |
|
16.05.2011, 21:23
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery eingefangen! Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> Windows Recovery eingefangen! |
|
16.05.2011, 21:57
| #7 |
| | Windows Recovery eingefangen! Hier der Kaspersky Report: 2011/05/16 22:58:11.0866 2624 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29 2011/05/16 22:58:12.0174 2624 ================================================================================ 2011/05/16 22:58:12.0174 2624 SystemInfo: 2011/05/16 22:58:12.0174 2624 2011/05/16 22:58:12.0174 2624 OS Version: 6.1.7601 ServicePack: 1.0 2011/05/16 22:58:12.0174 2624 Product type: Workstation 2011/05/16 22:58:12.0174 2624 ComputerName: BOELZEBUB-PC 2011/05/16 22:58:12.0175 2624 UserName: boelzebub 2011/05/16 22:58:12.0175 2624 Windows directory: C:\Windows 2011/05/16 22:58:12.0175 2624 System windows directory: C:\Windows 2011/05/16 22:58:12.0175 2624 Running under WOW64 2011/05/16 22:58:12.0175 2624 Processor architecture: Intel x64 2011/05/16 22:58:12.0175 2624 Number of processors: 8 2011/05/16 22:58:12.0175 2624 Page size: 0x1000 2011/05/16 22:58:12.0175 2624 Boot type: Normal boot 2011/05/16 22:58:12.0175 2624 ================================================================================ 2011/05/16 22:58:12.0522 2624 Initialize success 2011/05/16 22:58:24.0614 0720 ================================================================================ 2011/05/16 22:58:24.0614 0720 Scan started 2011/05/16 22:58:24.0614 0720 Mode: Manual; 2011/05/16 22:58:24.0614 0720 ================================================================================ 2011/05/16 22:58:25.0333 0720 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 2011/05/16 22:58:25.0384 0720 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys 2011/05/16 22:58:25.0433 0720 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 2011/05/16 22:58:25.0467 0720 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 2011/05/16 22:58:25.0526 0720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/05/16 22:58:25.0563 0720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/05/16 22:58:25.0594 0720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/05/16 22:58:25.0651 0720 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys 2011/05/16 22:58:25.0682 0720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 2011/05/16 22:58:25.0712 0720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 2011/05/16 22:58:25.0731 0720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 2011/05/16 22:58:25.0749 0720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/05/16 22:58:25.0767 0720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/05/16 22:58:25.0789 0720 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys 2011/05/16 22:58:25.0807 0720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/05/16 22:58:25.0829 0720 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys 2011/05/16 22:58:25.0881 0720 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 2011/05/16 22:58:25.0924 0720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/05/16 22:58:25.0946 0720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/05/16 22:58:25.0995 0720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/16 22:58:26.0010 0720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 2011/05/16 22:58:26.0048 0720 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys 2011/05/16 22:58:26.0119 0720 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/16 22:58:26.0178 0720 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/16 22:58:26.0216 0720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/05/16 22:58:26.0249 0720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/05/16 22:58:26.0285 0720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/05/16 22:58:26.0324 0720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/05/16 22:58:26.0353 0720 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/16 22:58:26.0361 0720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/05/16 22:58:26.0381 0720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/05/16 22:58:26.0396 0720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/05/16 22:58:26.0410 0720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/05/16 22:58:26.0420 0720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/05/16 22:58:26.0431 0720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/05/16 22:58:26.0442 0720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/05/16 22:58:26.0466 0720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/16 22:58:26.0491 0720 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/16 22:58:26.0507 0720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/05/16 22:58:26.0539 0720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/05/16 22:58:26.0588 0720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/16 22:58:26.0609 0720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 2011/05/16 22:58:26.0653 0720 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 2011/05/16 22:58:26.0669 0720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/16 22:58:26.0702 0720 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 2011/05/16 22:58:26.0716 0720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/05/16 22:58:26.0754 0720 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 2011/05/16 22:58:26.0821 0720 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys 2011/05/16 22:58:26.0859 0720 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 2011/05/16 22:58:26.0871 0720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/05/16 22:58:26.0905 0720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/05/16 22:58:26.0941 0720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/05/16 22:58:26.0965 0720 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 2011/05/16 22:58:26.0993 0720 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/16 22:58:27.0079 0720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/05/16 22:58:27.0132 0720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/05/16 22:58:27.0162 0720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 2011/05/16 22:58:27.0199 0720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/05/16 22:58:27.0223 0720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/05/16 22:58:27.0245 0720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/16 22:58:27.0269 0720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/05/16 22:58:27.0282 0720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/05/16 22:58:27.0292 0720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/16 22:58:27.0331 0720 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 2011/05/16 22:58:27.0357 0720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/05/16 22:58:27.0392 0720 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 2011/05/16 22:58:27.0403 0720 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/16 22:58:27.0442 0720 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/16 22:58:27.0461 0720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/05/16 22:58:27.0518 0720 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/05/16 22:58:27.0564 0720 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 2011/05/16 22:58:27.0585 0720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/05/16 22:58:27.0652 0720 hcw95bda (2373992cd449bdcb01ca73a0fcaa0e5e) C:\Windows\system32\Drivers\hcw95bda.sys 2011/05/16 22:58:27.0703 0720 hcw95rc (1a01da384414277fc1f22105fb126a65) C:\Windows\system32\DRIVERS\hcw95rc.sys 2011/05/16 22:58:27.0757 0720 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 2011/05/16 22:58:27.0795 0720 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 2011/05/16 22:58:27.0807 0720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/05/16 22:58:27.0831 0720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/05/16 22:58:27.0852 0720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/05/16 22:58:27.0879 0720 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/16 22:58:27.0915 0720 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 2011/05/16 22:58:27.0959 0720 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 2011/05/16 22:58:27.0989 0720 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 2011/05/16 22:58:28.0014 0720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 2011/05/16 22:58:28.0041 0720 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys 2011/05/16 22:58:28.0067 0720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/05/16 22:58:28.0098 0720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 2011/05/16 22:58:28.0120 0720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/16 22:58:28.0140 0720 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/16 22:58:28.0170 0720 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 2011/05/16 22:58:28.0197 0720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/05/16 22:58:28.0227 0720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/05/16 22:58:28.0258 0720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 2011/05/16 22:58:28.0281 0720 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 2011/05/16 22:58:28.0318 0720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/16 22:58:28.0346 0720 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/16 22:58:28.0364 0720 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/16 22:58:28.0396 0720 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/16 22:58:28.0417 0720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/05/16 22:58:28.0485 0720 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/05/16 22:58:28.0521 0720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/16 22:58:28.0550 0720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/16 22:58:28.0563 0720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/16 22:58:28.0588 0720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/16 22:58:28.0627 0720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/16 22:58:28.0659 0720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/05/16 22:58:28.0681 0720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/16 22:58:28.0702 0720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/16 22:58:28.0741 0720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/05/16 22:58:28.0759 0720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/16 22:58:28.0776 0720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/16 22:58:28.0787 0720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/16 22:58:28.0802 0720 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 2011/05/16 22:58:28.0824 0720 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 2011/05/16 22:58:28.0845 0720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/16 22:58:28.0877 0720 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 2011/05/16 22:58:28.0910 0720 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/16 22:58:28.0940 0720 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/16 22:58:28.0962 0720 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/16 22:58:28.0982 0720 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 2011/05/16 22:58:28.0999 0720 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 2011/05/16 22:58:29.0028 0720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/05/16 22:58:29.0046 0720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/16 22:58:29.0067 0720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 2011/05/16 22:58:29.0115 0720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/16 22:58:29.0136 0720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/16 22:58:29.0147 0720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/05/16 22:58:29.0189 0720 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 2011/05/16 22:58:29.0212 0720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 2011/05/16 22:58:29.0221 0720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/05/16 22:58:29.0243 0720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/16 22:58:29.0290 0720 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 2011/05/16 22:58:29.0314 0720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/05/16 22:58:29.0357 0720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/16 22:58:29.0409 0720 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 2011/05/16 22:58:29.0441 0720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/16 22:58:29.0472 0720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/16 22:58:29.0503 0720 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/16 22:58:29.0532 0720 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/16 22:58:29.0558 0720 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 2011/05/16 22:58:29.0577 0720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/16 22:58:29.0610 0720 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/16 22:58:29.0708 0720 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys 2011/05/16 22:58:29.0756 0720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/16 22:58:29.0779 0720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/05/16 22:58:29.0807 0720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/16 22:58:29.0864 0720 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys 2011/05/16 22:58:29.0893 0720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/05/16 22:58:30.0114 0720 nvlddmkm (aaf5559039e99d0cc22e25255f3dc06e) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/05/16 22:58:30.0207 0720 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys 2011/05/16 22:58:30.0236 0720 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys 2011/05/16 22:58:30.0284 0720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 2011/05/16 22:58:30.0327 0720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 2011/05/16 22:58:30.0376 0720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/05/16 22:58:30.0411 0720 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 2011/05/16 22:58:30.0445 0720 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 2011/05/16 22:58:30.0460 0720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 2011/05/16 22:58:30.0488 0720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/16 22:58:30.0510 0720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/05/16 22:58:30.0536 0720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/05/16 22:58:30.0620 0720 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys 2011/05/16 22:58:30.0668 0720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/16 22:58:30.0692 0720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/05/16 22:58:30.0752 0720 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/16 22:58:30.0784 0720 pwdrvio (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys 2011/05/16 22:58:30.0830 0720 pwdspio (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys 2011/05/16 22:58:30.0870 0720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/16 22:58:30.0913 0720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/16 22:58:30.0949 0720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/16 22:58:30.0974 0720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/16 22:58:31.0008 0720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/16 22:58:31.0046 0720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/16 22:58:31.0078 0720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/16 22:58:31.0099 0720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/16 22:58:31.0140 0720 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/16 22:58:31.0155 0720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/16 22:58:31.0169 0720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/16 22:58:31.0200 0720 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 2011/05/16 22:58:31.0226 0720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/16 22:58:31.0245 0720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/16 22:58:31.0281 0720 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 2011/05/16 22:58:31.0313 0720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 2011/05/16 22:58:31.0355 0720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/16 22:58:31.0391 0720 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/05/16 22:58:31.0444 0720 s1018bus (0eecd4b43eb917bd08bbe1738d7ecb11) C:\Windows\system32\DRIVERS\s1018bus.sys 2011/05/16 22:58:31.0479 0720 s1018mdfl (6f892723f1f694430f86e5fa01763c8a) C:\Windows\system32\DRIVERS\s1018mdfl.sys 2011/05/16 22:58:31.0498 0720 s1018mdm (f7cfc8ac6f7f5f34721e6d10098c7aa3) C:\Windows\system32\DRIVERS\s1018mdm.sys 2011/05/16 22:58:31.0520 0720 s1018mgmt (455f361d8d605f059c83ab1016ad0e00) C:\Windows\system32\DRIVERS\s1018mgmt.sys 2011/05/16 22:58:31.0542 0720 s1018nd5 (3f69ca63b7157885abbe8f4d559aec8a) C:\Windows\system32\DRIVERS\s1018nd5.sys 2011/05/16 22:58:31.0568 0720 s1018obex (fd370af1c196e2b339ea32819bec1b9a) C:\Windows\system32\DRIVERS\s1018obex.sys 2011/05/16 22:58:31.0602 0720 s1018unic (0a46da0b8b162af0efb33bea11a6ef3a) C:\Windows\system32\DRIVERS\s1018unic.sys 2011/05/16 22:58:31.0635 0720 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 2011/05/16 22:58:31.0660 0720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 2011/05/16 22:58:31.0693 0720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/16 22:58:31.0717 0720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/16 22:58:31.0752 0720 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys 2011/05/16 22:58:31.0768 0720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/16 22:58:31.0793 0720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/05/16 22:58:31.0821 0720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/16 22:58:31.0858 0720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2011/05/16 22:58:31.0873 0720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/16 22:58:31.0892 0720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/16 22:58:31.0902 0720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/16 22:58:31.0933 0720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/16 22:58:31.0955 0720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/16 22:58:31.0989 0720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/05/16 22:58:32.0013 0720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/05/16 22:58:32.0068 0720 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 2011/05/16 22:58:32.0068 0720 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 2011/05/16 22:58:32.0073 0720 sptd - detected LockedFile.Multi.Generic (1) 2011/05/16 22:58:32.0114 0720 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys 2011/05/16 22:58:32.0138 0720 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/16 22:58:32.0163 0720 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/16 22:58:32.0192 0720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/16 22:58:32.0224 0720 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 2011/05/16 22:58:32.0244 0720 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 2011/05/16 22:58:32.0260 0720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 2011/05/16 22:58:32.0323 0720 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys 2011/05/16 22:58:32.0364 0720 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/16 22:58:32.0404 0720 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/16 22:58:32.0425 0720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/05/16 22:58:32.0442 0720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/05/16 22:58:32.0484 0720 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/16 22:58:32.0507 0720 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 2011/05/16 22:58:32.0559 0720 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/16 22:58:32.0582 0720 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 2011/05/16 22:58:32.0621 0720 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/16 22:58:32.0637 0720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/16 22:58:32.0668 0720 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/16 22:58:32.0716 0720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/16 22:58:32.0743 0720 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 2011/05/16 22:58:32.0765 0720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/16 22:58:32.0823 0720 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 2011/05/16 22:58:32.0868 0720 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 2011/05/16 22:58:32.0905 0720 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/16 22:58:32.0941 0720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 2011/05/16 22:58:32.0968 0720 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/16 22:58:32.0998 0720 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys 2011/05/16 22:58:33.0026 0720 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/16 22:58:33.0059 0720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/16 22:58:33.0100 0720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/16 22:58:33.0122 0720 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/16 22:58:33.0148 0720 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/16 22:58:33.0197 0720 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys 2011/05/16 22:58:33.0237 0720 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys 2011/05/16 22:58:33.0256 0720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 2011/05/16 22:58:33.0282 0720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/16 22:58:33.0300 0720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/16 22:58:33.0322 0720 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 2011/05/16 22:58:33.0357 0720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 2011/05/16 22:58:33.0395 0720 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 2011/05/16 22:58:33.0411 0720 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 2011/05/16 22:58:33.0432 0720 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 2011/05/16 22:58:33.0465 0720 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 2011/05/16 22:58:33.0482 0720 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 2011/05/16 22:58:33.0513 0720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/16 22:58:33.0538 0720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/05/16 22:58:33.0557 0720 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/16 22:58:33.0586 0720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/16 22:58:33.0617 0720 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/16 22:58:33.0627 0720 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/16 22:58:33.0654 0720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/16 22:58:33.0684 0720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/16 22:58:33.0727 0720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/16 22:58:33.0750 0720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/16 22:58:33.0813 0720 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/05/16 22:58:33.0839 0720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 2011/05/16 22:58:33.0868 0720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/16 22:58:33.0908 0720 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 2011/05/16 22:58:33.0932 0720 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/16 22:58:33.0990 0720 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys 2011/05/16 22:58:34.0048 0720 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 2011/05/16 22:58:34.0125 0720 ================================================================================ 2011/05/16 22:58:34.0125 0720 Scan finished 2011/05/16 22:58:34.0125 0720 ================================================================================ 2011/05/16 22:58:34.0134 2340 Detected object count: 1 2011/05/16 22:58:50.0054 2340 LockedFile.Multi.Generic(sptd) - User select action: Skip |
|
16.05.2011, 21:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery eingefangen! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.05.2011, 22:12
| #9 |
| | Windows Recovery eingefangen! Combo-Fix-Log: Combofix Logfile: Code:
ATTFilter ComboFix 11-05-16.01 - boelzebub 16.05.2011 23:09:44.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.12279.10365 [GMT 2:00]
ausgeführt von:: c:\users\boelzebub\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeC64A.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-16 bis 2011-05-16 ))))))))))))))))))))))))))))))
.
.
2011-05-16 21:12 . 2011-05-16 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-16 20:14 . 2011-05-16 20:14 -------- d-----w- C:\_OTL
2011-05-16 19:09 . 2011-05-16 19:09 -------- d-----w- c:\users\boelzebub\AppData\Roaming\Avira
2011-05-16 13:48 . 2011-05-16 13:48 -------- d-----w- c:\programdata\Avira
2011-05-16 13:48 . 2011-04-01 15:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-16 13:48 . 2011-04-01 15:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-16 06:37 . 2011-05-16 06:37 -------- d-----w- c:\users\boelzebub\AppData\Roaming\Malwarebytes
2011-05-16 06:37 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-16 06:37 . 2011-05-16 06:37 -------- d-----w- c:\programdata\Malwarebytes
2011-05-16 06:37 . 2011-05-16 08:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-16 06:37 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-12 05:23 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-12 05:23 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-12 05:23 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-08 15:11 . 2011-05-08 15:11 -------- d-----w- c:\programdata\FreeRIP
2011-05-08 15:10 . 2011-05-08 15:12 -------- d-----w- c:\program files (x86)\FreeRIP3
2011-05-04 14:26 . 2011-05-04 14:26 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-05-04 09:11 . 2011-05-16 05:29 -------- d-----w- C:\VritualRoot
2011-05-04 09:05 . 2011-05-04 09:13 -------- d-----w- c:\programdata\Comodo
2011-05-04 09:04 . 2011-05-04 09:04 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-05-04 08:41 . 2011-05-04 08:41 -------- d-----w- c:\program files\CCleaner
2011-05-04 07:39 . 2011-05-04 07:39 1431160 ----a-w- c:\users\boelzebub\AppData\Roaming\Microsoft\Windows\Templates\The_World.exe
2011-05-04 06:21 . 2011-05-04 06:21 -------- d-----w- c:\program files (x86)\ProtectDisc Driver Installer
2011-05-04 06:20 . 2011-05-04 06:20 -------- d-----w- c:\users\boelzebub\AppData\Roaming\ProtectDISC
2011-05-04 05:28 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B353EE0-ED20-469B-B8C8-E7C56C16990F}\mpengine.dll
2011-05-03 08:13 . 2011-05-03 08:18 -------- d-----w- c:\users\boelzebub\AppData\Local\Panda3D
2011-05-03 08:13 . 2011-03-03 01:47 292520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppanda3d.dll
2011-05-03 08:13 . 2011-05-03 08:13 -------- d-----w- c:\program files (x86)\Panda3D
2011-05-02 09:16 . 2011-05-02 09:16 -------- d-----w- c:\users\boelzebub\AppData\Roaming\News File Grabber
2011-05-02 09:16 . 2011-05-02 09:16 -------- d-----w- c:\program files (x86)\RSBR-Software
2011-04-22 18:03 . 2011-04-22 18:03 -------- d-----w- c:\program files (x86)\KONAMI
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 15:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-12 15:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 13:29 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 06:34 . 2011-04-15 10:53 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 10:53 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-15 10:53 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-15 10:53 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:29 . 2011-04-15 10:52 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 10:52 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-07 06:31 . 2011-04-15 10:53 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 05:33 . 2011-04-15 10:53 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-07 04:24 . 2011-04-15 10:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-07 03:52 . 2011-04-15 10:53 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-03 06:24 . 2011-04-15 10:52 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-15 10:52 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-15 10:52 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-15 10:53 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 04:56 . 2011-04-15 10:51 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-15 10:53 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-15 10:53 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-15 10:53 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-15 10:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-15 10:51 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-15 10:51 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 12:05 . 2011-03-11 10:56 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-11 10:56 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-11 10:56 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 12:03 . 2011-04-15 10:53 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 09:00 . 2011-04-15 10:53 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 06:30 . 2011-03-11 10:56 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-11 10:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 06:30 . 2011-04-15 10:53 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:34 . 2011-04-15 10:53 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 10:56 . 2011-04-15 10:54 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:43 . 2011-04-15 10:54 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="c:\program files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2008-04-15 1675264]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2011-02-08 63360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\users\boelzebub\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 npkusvc;npkusvc;c:\users\boelzebub\AppData\Roaming\Microsoft\Windows\Templates\5400_25324\npkusvc.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;e:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000Core.job
- c:\users\boelzebub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-30 05:15]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1701181921-1980799291-2397479354-1000UA.job
- c:\users\boelzebub\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-30 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Dragon Age Redesigned© - c:\users\boelzebub\Documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-16 23:13:18
ComboFix-quarantined-files.txt 2011-05-16 21:13
.
Vor Suchlauf: 12 Verzeichnis(se), 143.425.875.968 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 143.366.410.240 Bytes frei
.
- - End Of File - - 9B078A12BBE6024CDF3C4DE54679FDF9
|
|
16.05.2011, 22:19
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery eingefangen! Bitte nun Logs mit GMER und mbrcheck erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg Anleitung zu mbrcheck: Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.05.2011, 22:38
| #11 |
| | Windows Recovery eingefangen! Hier das GMER Log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-16 23:37:15
Windows 6.1.7601 Service Pack 1
Running: 6qlbl0gv.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x41 0x4C 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC6 0x5E 0x1C 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0xB7 0x09 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD2 0x9F 0x91 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x41 0x4C 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC6 0x5E 0x1C 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x58 0xB7 0x09 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xD2 0x9F 0x91 0x6B ...
---- EOF - GMER 1.0.15 ----
Und hier der MBRCheck: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: System manufacturer System Product Name: System Product Name Logical Drives Mask: 0x00000f7c Kernel Drivers (total 201): 0x02E61000 \SystemRoot\system32\ntoskrnl.exe 0x02E18000 \SystemRoot\system32\hal.dll 0x00BAE000 \SystemRoot\system32\kdcom.dll 0x00C1C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00C6B000 \SystemRoot\system32\PSHED.dll 0x00C7F000 \SystemRoot\system32\CLFS.SYS 0x00CDD000 \SystemRoot\system32\CI.dll 0x00E17000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EBB000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00ECA000 \SystemRoot\System32\Drivers\spuh.sys 0x00FF0000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x00D9D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x010F2000 \SystemRoot\system32\drivers\ACPI.sys 0x01149000 \SystemRoot\system32\drivers\msisadrv.sys 0x01153000 \SystemRoot\system32\drivers\vdrvroot.sys 0x01160000 \SystemRoot\system32\drivers\pci.sys 0x01193000 \SystemRoot\System32\drivers\partmgr.sys 0x011A8000 \SystemRoot\system32\drivers\volmgr.sys 0x01000000 \SystemRoot\System32\drivers\volmgrx.sys 0x0105C000 \SystemRoot\system32\drivers\pciide.sys 0x01063000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x01073000 \SystemRoot\System32\drivers\mountmgr.sys 0x0108D000 \SystemRoot\system32\drivers\vmbus.sys 0x010C9000 \SystemRoot\system32\drivers\winhv.sys 0x010DD000 \SystemRoot\system32\drivers\atapi.sys 0x011BD000 \SystemRoot\system32\drivers\ataport.SYS 0x011E7000 \SystemRoot\system32\drivers\amdxata.sys 0x012AF000 \SystemRoot\system32\drivers\fltmgr.sys 0x012FB000 \SystemRoot\system32\drivers\fileinfo.sys 0x01417000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0130F000 \SystemRoot\System32\Drivers\msrpc.sys 0x015BA000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0136D000 \SystemRoot\System32\Drivers\cng.sys 0x015D5000 \SystemRoot\System32\drivers\pcw.sys 0x015E6000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x0166C000 \SystemRoot\system32\drivers\ndis.sys 0x0175F000 \SystemRoot\system32\drivers\NETIO.SYS 0x017BF000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x018DE000 \SystemRoot\System32\drivers\tcpip.sys 0x01AE2000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01B2C000 \SystemRoot\system32\drivers\vmstorfl.sys 0x01B3C000 \SystemRoot\system32\drivers\volsnap.sys 0x01B88000 \SystemRoot\System32\Drivers\spldr.sys 0x01B90000 \SystemRoot\System32\drivers\rdyboost.sys 0x01BCA000 \SystemRoot\System32\Drivers\mup.sys 0x01BDC000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys 0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x018B6000 \SystemRoot\System32\Drivers\Null.SYS 0x018BF000 \SystemRoot\System32\Drivers\Beep.SYS 0x018C6000 \SystemRoot\System32\drivers\vga.sys 0x0162A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01BE5000 \SystemRoot\System32\drivers\watchdog.sys 0x01BF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x018D4000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0164F000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01658000 \SystemRoot\System32\Drivers\Msfs.SYS 0x017EA000 \SystemRoot\System32\Drivers\Npfs.SYS 0x01200000 \SystemRoot\system32\DRIVERS\tdx.sys 0x015F0000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x01222000 \SystemRoot\system32\drivers\afd.sys 0x04030000 \SystemRoot\System32\DRIVERS\netbt.sys 0x04075000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x0407E000 \SystemRoot\system32\DRIVERS\pacer.sys 0x040A4000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x040BA000 \SystemRoot\system32\DRIVERS\netbios.sys 0x040C9000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys 0x0410C000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x04127000 \SystemRoot\system32\drivers\termdd.sys 0x0413B000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x0418C000 \SystemRoot\system32\drivers\nsiproxy.sys 0x04198000 \SystemRoot\system32\drivers\mssmbios.sys 0x041A3000 \SystemRoot\System32\drivers\discache.sys 0x02E1F000 \SystemRoot\system32\drivers\csc.sys 0x02EA2000 \SystemRoot\System32\Drivers\dfsc.sys 0x02EC0000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x02ED1000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x02EF3000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x02F19000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x0F275000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x0FF9F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x06EBA000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x06FAE000 \SystemRoot\System32\drivers\dxgmms1.sys 0x06E00000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x06E0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x06E63000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x06E74000 \SystemRoot\system32\drivers\HDAudBus.sys 0x0FFA1000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x0F200000 \SystemRoot\system32\drivers\1394ohci.sys 0x06E98000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x06EA5000 \SystemRoot\system32\DRIVERS\ASACPI.sys 0x0F23E000 \SystemRoot\system32\drivers\CompositeBus.sys 0x0F24E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x02F2F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x06EAD000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x02F53000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x02F82000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x02F9D000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x02FBE000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x06FF4000 \SystemRoot\system32\DRIVERS\hamachi.sys 0x0F264000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x02FD8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x02FE7000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x02E00000 \SystemRoot\system32\DRIVERS\seehcri.sys 0x0F26F000 \SystemRoot\system32\drivers\swenum.sys 0x041B2000 \SystemRoot\system32\drivers\ks.sys 0x02E0C000 \SystemRoot\system32\drivers\umbus.sys 0x078AC000 \SystemRoot\system32\drivers\usbhub.sys 0x07906000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x0791B000 \SystemRoot\system32\drivers\HdAudio.sys 0x07977000 \SystemRoot\system32\drivers\portcls.sys 0x079B4000 \SystemRoot\system32\drivers\drmk.sys 0x079D6000 \SystemRoot\system32\drivers\ksthunk.sys 0x079DC000 \SystemRoot\System32\Drivers\crashdmp.sys 0x079EA000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x079F6000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x07800000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x00000000 \SystemRoot\System32\win32k.sys 0x07813000 \SystemRoot\System32\drivers\Dxapi.sys 0x0781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x0783C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x0783E000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x07850000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x07859000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x07867000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x07880000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x0788E000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0789B000 \SystemRoot\system32\DRIVERS\point64.sys 0x04000000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x020D2000 \SystemRoot\system32\DRIVERS\netr28ux.sys 0x021AE000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x021BB000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004C0000 \SystemRoot\System32\TSDDD.dll 0x00650000 \SystemRoot\System32\cdd.dll 0x00900000 \SystemRoot\System32\ATMFD.DLL 0x021C9000 \SystemRoot\system32\drivers\luafv.sys 0x02000000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x0201D000 \SystemRoot\system32\drivers\WudfPf.sys 0x0203E000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x02053000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x020A6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x020B9000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0C2DE000 \SystemRoot\system32\drivers\HTTP.sys 0x0C3A7000 \SystemRoot\system32\DRIVERS\bowser.sys 0x0C3C5000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0C200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0C22D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0C27A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x0C648000 \??\C:\Windows\system32\drivers\acedrv11.sys 0x0C6A2000 \SystemRoot\system32\DRIVERS\atksgt.sys 0x0C6F1000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0x0C6FE000 \SystemRoot\system32\drivers\peauth.sys 0x0C7A4000 \SystemRoot\System32\Drivers\secdrv.SYS 0x0C7AF000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x0C7E0000 \SystemRoot\System32\drivers\tcpipreg.sys 0x0CA85000 \SystemRoot\System32\DRIVERS\srv2.sys 0x0CAEF000 \SystemRoot\System32\DRIVERS\srv.sys 0x0CB87000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x0CA71000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x0CBD6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x77A10000 \Windows\System32\ntdll.dll 0x47DB0000 \Windows\System32\smss.exe 0xFFD30000 \Windows\System32\apisetschema.dll 0xFF720000 \Windows\System32\autochk.exe 0xFFC80000 \Windows\System32\msvcrt.dll 0xFFC00000 \Windows\System32\difxapi.dll 0xFFAD0000 \Windows\System32\wininet.dll 0xFFAC0000 \Windows\System32\lpk.dll 0xFF990000 \Windows\System32\rpcrt4.dll 0x77910000 \Windows\System32\user32.dll 0xFF910000 \Windows\System32\shlwapi.dll |
|
16.05.2011, 22:53
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery eingefangen! Das mbrcheck-Log ist nicht vollständig
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.05.2011, 23:01
| #13 |
| | Windows Recovery eingefangen! Tut mir leid. Da war ich wohl ein bischen ungeduldig :-) Hier nun vollständig: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: Service Pack 1 (build 7601), 64-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: System manufacturer System Product Name: System Product Name Logical Drives Mask: 0x00000f7c Kernel Drivers (total 201): 0x02E61000 \SystemRoot\system32\ntoskrnl.exe 0x02E18000 \SystemRoot\system32\hal.dll 0x00BAE000 \SystemRoot\system32\kdcom.dll 0x00C1C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00C6B000 \SystemRoot\system32\PSHED.dll 0x00C7F000 \SystemRoot\system32\CLFS.SYS 0x00CDD000 \SystemRoot\system32\CI.dll 0x00E17000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00EBB000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x00ECA000 \SystemRoot\System32\Drivers\spuh.sys 0x00FF0000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x00D9D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x010F2000 \SystemRoot\system32\drivers\ACPI.sys 0x01149000 \SystemRoot\system32\drivers\msisadrv.sys 0x01153000 \SystemRoot\system32\drivers\vdrvroot.sys 0x01160000 \SystemRoot\system32\drivers\pci.sys 0x01193000 \SystemRoot\System32\drivers\partmgr.sys 0x011A8000 \SystemRoot\system32\drivers\volmgr.sys 0x01000000 \SystemRoot\System32\drivers\volmgrx.sys 0x0105C000 \SystemRoot\system32\drivers\pciide.sys 0x01063000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x01073000 \SystemRoot\System32\drivers\mountmgr.sys 0x0108D000 \SystemRoot\system32\drivers\vmbus.sys 0x010C9000 \SystemRoot\system32\drivers\winhv.sys 0x010DD000 \SystemRoot\system32\drivers\atapi.sys 0x011BD000 \SystemRoot\system32\drivers\ataport.SYS 0x011E7000 \SystemRoot\system32\drivers\amdxata.sys 0x012AF000 \SystemRoot\system32\drivers\fltmgr.sys 0x012FB000 \SystemRoot\system32\drivers\fileinfo.sys 0x01417000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0130F000 \SystemRoot\System32\Drivers\msrpc.sys 0x015BA000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0136D000 \SystemRoot\System32\Drivers\cng.sys 0x015D5000 \SystemRoot\System32\drivers\pcw.sys 0x015E6000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x0166C000 \SystemRoot\system32\drivers\ndis.sys 0x0175F000 \SystemRoot\system32\drivers\NETIO.SYS 0x017BF000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x018DE000 \SystemRoot\System32\drivers\tcpip.sys 0x01AE2000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01B2C000 \SystemRoot\system32\drivers\vmstorfl.sys 0x01B3C000 \SystemRoot\system32\drivers\volsnap.sys 0x01B88000 \SystemRoot\System32\Drivers\spldr.sys 0x01B90000 \SystemRoot\System32\drivers\rdyboost.sys 0x01BCA000 \SystemRoot\System32\Drivers\mup.sys 0x01BDC000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys 0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x018B6000 \SystemRoot\System32\Drivers\Null.SYS 0x018BF000 \SystemRoot\System32\Drivers\Beep.SYS 0x018C6000 \SystemRoot\System32\drivers\vga.sys 0x0162A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01BE5000 \SystemRoot\System32\drivers\watchdog.sys 0x01BF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x018D4000 \SystemRoot\system32\drivers\rdpencdd.sys 0x0164F000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01658000 \SystemRoot\System32\Drivers\Msfs.SYS 0x017EA000 \SystemRoot\System32\Drivers\Npfs.SYS 0x01200000 \SystemRoot\system32\DRIVERS\tdx.sys 0x015F0000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x01222000 \SystemRoot\system32\drivers\afd.sys 0x04030000 \SystemRoot\System32\DRIVERS\netbt.sys 0x04075000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x0407E000 \SystemRoot\system32\DRIVERS\pacer.sys 0x040A4000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x040BA000 \SystemRoot\system32\DRIVERS\netbios.sys 0x040C9000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys 0x0410C000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x04127000 \SystemRoot\system32\drivers\termdd.sys 0x0413B000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x0418C000 \SystemRoot\system32\drivers\nsiproxy.sys 0x04198000 \SystemRoot\system32\drivers\mssmbios.sys 0x041A3000 \SystemRoot\System32\drivers\discache.sys 0x02E1F000 \SystemRoot\system32\drivers\csc.sys 0x02EA2000 \SystemRoot\System32\Drivers\dfsc.sys 0x02EC0000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x02ED1000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x02EF3000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x02F19000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x0F275000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x0FF9F000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x06EBA000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x06FAE000 \SystemRoot\System32\drivers\dxgmms1.sys 0x06E00000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x06E0D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x06E63000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x06E74000 \SystemRoot\system32\drivers\HDAudBus.sys 0x0FFA1000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x0F200000 \SystemRoot\system32\drivers\1394ohci.sys 0x06E98000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x06EA5000 \SystemRoot\system32\DRIVERS\ASACPI.sys 0x0F23E000 \SystemRoot\system32\drivers\CompositeBus.sys 0x0F24E000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x02F2F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x06EAD000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x02F53000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x02F82000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x02F9D000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x02FBE000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x06FF4000 \SystemRoot\system32\DRIVERS\hamachi.sys 0x0F264000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x02FD8000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x02FE7000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x02E00000 \SystemRoot\system32\DRIVERS\seehcri.sys 0x0F26F000 \SystemRoot\system32\drivers\swenum.sys 0x041B2000 \SystemRoot\system32\drivers\ks.sys 0x02E0C000 \SystemRoot\system32\drivers\umbus.sys 0x078AC000 \SystemRoot\system32\drivers\usbhub.sys 0x07906000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x0791B000 \SystemRoot\system32\drivers\HdAudio.sys 0x07977000 \SystemRoot\system32\drivers\portcls.sys 0x079B4000 \SystemRoot\system32\drivers\drmk.sys 0x079D6000 \SystemRoot\system32\drivers\ksthunk.sys 0x079DC000 \SystemRoot\System32\Drivers\crashdmp.sys 0x079EA000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x079F6000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x07800000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x00000000 \SystemRoot\System32\win32k.sys 0x07813000 \SystemRoot\System32\drivers\Dxapi.sys 0x0781F000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x0783C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x0783E000 \SystemRoot\system32\DRIVERS\dc3d.sys 0x07850000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x07859000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x07867000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x07880000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x0788E000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0789B000 \SystemRoot\system32\DRIVERS\point64.sys 0x04000000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x020D2000 \SystemRoot\system32\DRIVERS\netr28ux.sys 0x021AE000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x021BB000 \SystemRoot\system32\DRIVERS\monitor.sys 0x004C0000 \SystemRoot\System32\TSDDD.dll 0x00650000 \SystemRoot\System32\cdd.dll 0x00900000 \SystemRoot\System32\ATMFD.DLL 0x021C9000 \SystemRoot\system32\drivers\luafv.sys 0x02000000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x0201D000 \SystemRoot\system32\drivers\WudfPf.sys 0x0203E000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x02053000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x020A6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x020B9000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0C2DE000 \SystemRoot\system32\drivers\HTTP.sys 0x0C3A7000 \SystemRoot\system32\DRIVERS\bowser.sys 0x0C3C5000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0C200000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0C22D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x0C27A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x0C648000 \??\C:\Windows\system32\drivers\acedrv11.sys 0x0C6A2000 \SystemRoot\system32\DRIVERS\atksgt.sys 0x0C6F1000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0x0C6FE000 \SystemRoot\system32\drivers\peauth.sys 0x0C7A4000 \SystemRoot\System32\Drivers\secdrv.SYS 0x0C7AF000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x0C7E0000 \SystemRoot\System32\drivers\tcpipreg.sys 0x0CA85000 \SystemRoot\System32\DRIVERS\srv2.sys 0x0CAEF000 \SystemRoot\System32\DRIVERS\srv.sys 0x0CB87000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x0CA71000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x0CBD6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x77A10000 \Windows\System32\ntdll.dll 0x47DB0000 \Windows\System32\smss.exe 0xFFD30000 \Windows\System32\apisetschema.dll 0xFF720000 \Windows\System32\autochk.exe 0xFFC80000 \Windows\System32\msvcrt.dll 0xFFC00000 \Windows\System32\difxapi.dll 0xFFAD0000 \Windows\System32\wininet.dll 0xFFAC0000 \Windows\System32\lpk.dll 0xFF990000 \Windows\System32\rpcrt4.dll 0x77910000 \Windows\System32\user32.dll 0xFF910000 \Windows\System32\shlwapi.dll 0x777F0000 \Windows\System32\kernel32.dll 0xFF800000 \Windows\System32\msctf.dll 0x77BE0000 \Windows\System32\psapi.dll 0xFF730000 \Windows\System32\usp10.dll 0xFF690000 \Windows\System32\clbcatq.dll 0xFF5F0000 \Windows\System32\comdlg32.dll 0xFF590000 \Windows\System32\Wldap32.dll 0xFF330000 \Windows\System32\iertutil.dll 0xFF310000 \Windows\System32\imagehlp.dll 0xFF100000 \Windows\System32\ole32.dll 0xFE370000 \Windows\System32\shell32.dll 0xFE290000 \Windows\System32\oleaut32.dll 0xFE1B0000 \Windows\System32\advapi32.dll 0xFE140000 \Windows\System32\gdi32.dll 0x77BD0000 \Windows\System32\normaliz.dll 0xFE120000 \Windows\System32\sechost.dll 0xFDFA0000 \Windows\System32\urlmon.dll 0xFDF50000 \Windows\System32\ws2_32.dll 0xFDF40000 \Windows\System32\nsi.dll 0xFDD60000 \Windows\System32\setupapi.dll 0xFDD30000 \Windows\System32\imm32.dll 0xFDCF0000 \Windows\System32\cfgmgr32.dll 0xFDB80000 \Windows\System32\crypt32.dll 0xFDB40000 \Windows\System32\wintrust.dll 0xFDB20000 \Windows\System32\devobj.dll 0xFDAB0000 \Windows\System32\KernelBase.dll 0xFDA10000 \Windows\System32\comctl32.dll 0xFDA00000 \Windows\System32\msasn1.dll Processes (total 52): 0 System Idle Process 4 System 284 C:\Windows\System32\smss.exe 376 csrss.exe 492 C:\Windows\System32\wininit.exe 520 csrss.exe 552 C:\Windows\System32\services.exe 572 C:\Windows\System32\lsass.exe 580 C:\Windows\System32\lsm.exe 676 C:\Windows\System32\winlogon.exe 744 C:\Windows\System32\svchost.exe 844 C:\Windows\System32\nvvsvc.exe 884 C:\Windows\System32\svchost.exe 972 C:\Windows\System32\svchost.exe 1016 C:\Windows\System32\svchost.exe 312 C:\Windows\System32\svchost.exe 424 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\nvvsvc.exe 1168 C:\Windows\System32\svchost.exe 1404 C:\Windows\System32\spoolsv.exe 1432 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1480 C:\Windows\System32\svchost.exe 1640 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1688 E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe 1744 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 1756 C:\Windows\System32\conhost.exe 1944 C:\Windows\System32\svchost.exe 1980 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1736 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2360 WUDFHost.exe 2400 C:\Windows\System32\svchost.exe 2716 C:\Windows\System32\taskhost.exe 2896 C:\Windows\System32\dwm.exe 2928 C:\Windows\explorer.exe 2856 C:\Windows\System32\svchost.exe 404 C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe 3068 C:\Program Files (x86)\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe 2832 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 1336 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2688 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 2596 C:\Windows\System32\SearchIndexer.exe 3356 C:\Program Files\Windows Media Player\wmpnetwk.exe 2864 C:\Windows\SysWOW64\svchost.exe 2392 C:\Program Files\Internet Explorer\iexplore.exe 1300 C:\Program Files\Internet Explorer\iexplore.exe 3136 C:\Windows\System32\audiodg.exe 1120 C:\Windows\System32\SearchProtocolHost.exe 2576 C:\Windows\System32\SearchFilterHost.exe 1648 taskhost.exe 2760 C:\Users\boelzebub\Desktop\MBRCheck.exe 2876 C:\Windows\System32\conhost.exe 3660 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x000000aa`e6100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000030`d4100000 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4 Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |
|
16.05.2011, 23:04
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery eingefangen! Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.05.2011, 23:59
| #15 |
| | Windows Recovery eingefangen! Hier schon mal die Malwarebytes Log-Datei: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6593 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 17.05.2011 00:55:07 mbam-log-2011-05-17 (00-55-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 323188 Laufzeit: 42 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
| Themen zu Windows Recovery eingefangen! |
| anhang, anleitung, bildschirm, desktop, eingefangen, entfernen, entfernt, fenster, festplatte, forum, gen, großes, hochfahren, kompetent, komplette, malwarebytes, morgen, platte, rechner, recovery, schei, schwarzer bildschirm, seite, thema, weiße, windows |
Textbox.
.
Linear-Darstellung
