Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien

Pfälzermäd · 17.05.2011, 20:41

Also... der Rechner wurde gleich nach dem Fixen neu gestartet und dann hat er das Logfile angezeigt.

========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: toolbar-ff@payback.de:1.0.5.76 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
Folder move failed. C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\search\engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content scheduled to be moved on reboot.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
Folder move failed. C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchList deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1739c819-a964-11de-a7f1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1739c819-a964-11de-a7f1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1739c819-a964-11de-a7f1-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7109009-6e3d-11df-9f59-00269e5ff738}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7109009-6e3d-11df-9f59-00269e5ff738}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7109009-6e3d-11df-9f59-00269e5ff738}\ not found.
File F:\Startme.exe not found.
C:\ProgramData\~44293880r moved successfully.
C:\ProgramData\~44293880 moved successfully.
C:\ProgramData\44293880 moved successfully.
C:\Users\bischoff\Desktop\Windows 7 Recovery.lnk moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_213337

Files\Folders moved on Reboot...
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\bischoff\AppData\Roaming\mozilla\Firefox\Profiles\i10k49t2.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 18.05.2011, 09:21

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Pfälzermäd · 18.05.2011, 11:27

Hier das Log von Kaspersky:

2011/05/18 12:14:12.0731 2732 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/18 12:14:13.0110 2732 ================================================================================
2011/05/18 12:14:13.0110 2732 SystemInfo:
2011/05/18 12:14:13.0110 2732
2011/05/18 12:14:13.0110 2732 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/18 12:14:13.0110 2732 Product type: Workstation
2011/05/18 12:14:13.0111 2732 ComputerName: BISCHOFF-PC
2011/05/18 12:14:13.0111 2732 UserName: bischoff
2011/05/18 12:14:13.0111 2732 Windows directory: C:\Windows
2011/05/18 12:14:13.0111 2732 System windows directory: C:\Windows
2011/05/18 12:14:13.0111 2732 Running under WOW64
2011/05/18 12:14:13.0111 2732 Processor architecture: Intel x64
2011/05/18 12:14:13.0111 2732 Number of processors: 2
2011/05/18 12:14:13.0111 2732 Page size: 0x1000
2011/05/18 12:14:13.0111 2732 Boot type: Normal boot
2011/05/18 12:14:13.0111 2732 ================================================================================
2011/05/18 12:14:14.0435 2732 Initialize success
2011/05/18 12:14:57.0164 3732 ================================================================================
2011/05/18 12:14:57.0164 3732 Scan started
2011/05/18 12:14:57.0164 3732 Mode: Manual;
2011/05/18 12:14:57.0164 3732 ================================================================================
2011/05/18 12:14:57.0725 3732 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/18 12:14:57.0808 3732 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/18 12:14:57.0854 3732 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/18 12:14:57.0920 3732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/18 12:14:57.0995 3732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/18 12:14:58.0023 3732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/18 12:14:58.0115 3732 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/18 12:14:58.0195 3732 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/05/18 12:14:58.0280 3732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/18 12:14:58.0345 3732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/18 12:14:58.0368 3732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/18 12:14:58.0428 3732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/18 12:14:58.0459 3732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/18 12:14:58.0532 3732 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/18 12:14:58.0595 3732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/18 12:14:58.0655 3732 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/18 12:14:58.0717 3732 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/18 12:14:58.0802 3732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/18 12:14:58.0845 3732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/18 12:14:58.0913 3732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/18 12:14:58.0963 3732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/18 12:14:59.0066 3732 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/18 12:14:59.0201 3732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/18 12:14:59.0283 3732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/18 12:14:59.0342 3732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/18 12:14:59.0419 3732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/18 12:14:59.0479 3732 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/18 12:14:59.0529 3732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/18 12:14:59.0557 3732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/18 12:14:59.0602 3732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/18 12:14:59.0650 3732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/18 12:14:59.0673 3732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/18 12:14:59.0703 3732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/18 12:14:59.0739 3732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/18 12:14:59.0784 3732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/18 12:14:59.0875 3732 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/18 12:14:59.0946 3732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/18 12:14:59.0990 3732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/18 12:15:00.0076 3732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/18 12:15:00.0114 3732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/18 12:15:00.0161 3732 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/18 12:15:00.0244 3732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/18 12:15:00.0307 3732 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/18 12:15:00.0368 3732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/18 12:15:00.0464 3732 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/18 12:15:00.0500 3732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/18 12:15:00.0558 3732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/18 12:15:00.0630 3732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/18 12:15:00.0701 3732 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/18 12:15:00.0821 3732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/18 12:15:00.0993 3732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/18 12:15:01.0022 3732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/18 12:15:01.0101 3732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/18 12:15:01.0137 3732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/18 12:15:01.0208 3732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/18 12:15:01.0267 3732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/18 12:15:01.0300 3732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/18 12:15:01.0360 3732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/18 12:15:01.0388 3732 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/18 12:15:01.0439 3732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/18 12:15:01.0464 3732 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/18 12:15:01.0549 3732 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/18 12:15:01.0592 3732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/18 12:15:01.0709 3732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/18 12:15:01.0780 3732 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/18 12:15:01.0843 3732 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/18 12:15:01.0867 3732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/18 12:15:01.0902 3732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/18 12:15:01.0934 3732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/18 12:15:01.0991 3732 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/18 12:15:02.0080 3732 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/18 12:15:02.0142 3732 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/18 12:15:02.0219 3732 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/18 12:15:02.0265 3732 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/18 12:15:02.0333 3732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/18 12:15:02.0389 3732 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/18 12:15:02.0595 3732 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/18 12:15:02.0753 3732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/18 12:15:02.0799 3732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/18 12:15:02.0872 3732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/18 12:15:02.0895 3732 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/18 12:15:02.0934 3732 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/18 12:15:02.0983 3732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/18 12:15:03.0032 3732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/18 12:15:03.0059 3732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/18 12:15:03.0105 3732 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/18 12:15:03.0178 3732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/18 12:15:03.0237 3732 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/18 12:15:03.0291 3732 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/18 12:15:03.0332 3732 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/18 12:15:03.0361 3732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/18 12:15:03.0462 3732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/18 12:15:03.0545 3732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/18 12:15:03.0595 3732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/18 12:15:03.0615 3732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/18 12:15:03.0657 3732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/18 12:15:03.0718 3732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/18 12:15:03.0766 3732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/18 12:15:03.0809 3732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/18 12:15:03.0852 3732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/18 12:15:03.0900 3732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/18 12:15:03.0962 3732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/18 12:15:04.0017 3732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/18 12:15:04.0043 3732 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/18 12:15:04.0140 3732 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/18 12:15:04.0197 3732 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/18 12:15:04.0265 3732 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/18 12:15:04.0312 3732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/18 12:15:04.0345 3732 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/18 12:15:04.0394 3732 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/18 12:15:04.0414 3732 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/18 12:15:04.0469 3732 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/18 12:15:04.0517 3732 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/18 12:15:04.0557 3732 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/18 12:15:04.0624 3732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/18 12:15:04.0653 3732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/18 12:15:04.0668 3732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/18 12:15:04.0746 3732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/18 12:15:04.0786 3732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/18 12:15:04.0809 3732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/18 12:15:04.0858 3732 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/18 12:15:04.0891 3732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/18 12:15:04.0925 3732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/18 12:15:04.0957 3732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/18 12:15:05.0015 3732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/18 12:15:05.0082 3732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/18 12:15:05.0164 3732 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/18 12:15:05.0231 3732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/18 12:15:05.0281 3732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/18 12:15:05.0339 3732 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/18 12:15:05.0368 3732 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/18 12:15:05.0398 3732 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/18 12:15:05.0428 3732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/18 12:15:05.0469 3732 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/18 12:15:05.0663 3732 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/05/18 12:15:05.0847 3732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/18 12:15:05.0946 3732 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/18 12:15:06.0044 3732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/18 12:15:06.0070 3732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/18 12:15:06.0154 3732 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/18 12:15:06.0207 3732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/18 12:15:06.0287 3732 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/18 12:15:06.0597 3732 nvlddmkm (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/18 12:15:06.0718 3732 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/18 12:15:06.0772 3732 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/18 12:15:06.0847 3732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/18 12:15:06.0921 3732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/18 12:15:07.0020 3732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/18 12:15:07.0061 3732 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/18 12:15:07.0114 3732 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/18 12:15:07.0146 3732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/18 12:15:07.0227 3732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/18 12:15:07.0258 3732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/18 12:15:07.0383 3732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/18 12:15:07.0493 3732 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/18 12:15:07.0540 3732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/18 12:15:07.0627 3732 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/18 12:15:07.0701 3732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/18 12:15:07.0774 3732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/18 12:15:07.0823 3732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/18 12:15:07.0847 3732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/18 12:15:07.0902 3732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/18 12:15:07.0936 3732 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/18 12:15:07.0970 3732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/18 12:15:08.0025 3732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/18 12:15:08.0057 3732 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/18 12:15:08.0104 3732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/18 12:15:08.0127 3732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/18 12:15:08.0180 3732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/18 12:15:08.0220 3732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/18 12:15:08.0248 3732 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/18 12:15:08.0311 3732 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/18 12:15:08.0424 3732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/18 12:15:08.0489 3732 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
2011/05/18 12:15:08.0555 3732 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/18 12:15:08.0662 3732 s1018bus (301fba4594fb5c0a469299a65106b4aa) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/05/18 12:15:08.0697 3732 s1018mdfl (d1d7c744f79710357e60fc04d125ed01) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/05/18 12:15:08.0726 3732 s1018mdm (7dbe12cccd837d4266b2ddd80a329c09) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/05/18 12:15:08.0756 3732 s1018mgmt (065ff5e62d2d18a6d93fd925546cd549) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/05/18 12:15:08.0786 3732 s1018nd5 (5101d815bdf0d667e3d5f0ea727caaee) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/05/18 12:15:08.0819 3732 s1018obex (13f220c65b444ac9bda49dacfc3230bb) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/05/18 12:15:08.0849 3732 s1018unic (ce7d8bce80211d8a35f6bd7a87791860) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/05/18 12:15:08.0894 3732 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/18 12:15:08.0939 3732 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/18 12:15:09.0012 3732 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/18 12:15:09.0069 3732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/18 12:15:09.0136 3732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/18 12:15:09.0168 3732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/18 12:15:09.0201 3732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/18 12:15:09.0254 3732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/18 12:15:09.0283 3732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/18 12:15:09.0305 3732 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/18 12:15:09.0336 3732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/18 12:15:09.0404 3732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/18 12:15:09.0433 3732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/18 12:15:09.0503 3732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/18 12:15:09.0577 3732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/18 12:15:09.0649 3732 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/18 12:15:09.0701 3732 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/18 12:15:09.0768 3732 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/05/18 12:15:09.0823 3732 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/05/18 12:15:09.0900 3732 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/05/18 12:15:09.0993 3732 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/18 12:15:10.0082 3732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/18 12:15:10.0157 3732 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/05/18 12:15:10.0229 3732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/18 12:15:10.0307 3732 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/18 12:15:10.0408 3732 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/18 12:15:10.0541 3732 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/18 12:15:10.0589 3732 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/18 12:15:10.0622 3732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/18 12:15:10.0639 3732 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/18 12:15:10.0667 3732 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/18 12:15:10.0707 3732 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/18 12:15:10.0771 3732 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/18 12:15:10.0836 3732 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/18 12:15:10.0876 3732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/18 12:15:10.0909 3732 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/18 12:15:10.0955 3732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/18 12:15:11.0011 3732 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/18 12:15:11.0044 3732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/18 12:15:11.0113 3732 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/18 12:15:11.0164 3732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/18 12:15:11.0215 3732 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/18 12:15:11.0283 3732 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/18 12:15:11.0336 3732 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/05/18 12:15:11.0381 3732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/18 12:15:11.0424 3732 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/18 12:15:11.0453 3732 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/18 12:15:11.0524 3732 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/18 12:15:11.0593 3732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/18 12:15:11.0635 3732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/18 12:15:11.0665 3732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/18 12:15:11.0705 3732 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/18 12:15:11.0731 3732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/18 12:15:11.0773 3732 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/18 12:15:11.0807 3732 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/18 12:15:11.0837 3732 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/18 12:15:11.0863 3732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/18 12:15:11.0900 3732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/18 12:15:11.0961 3732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/18 12:15:12.0019 3732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/18 12:15:12.0081 3732 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 12:15:12.0107 3732 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/18 12:15:12.0180 3732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/18 12:15:12.0222 3732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/18 12:15:12.0316 3732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/18 12:15:12.0348 3732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/18 12:15:12.0462 3732 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/18 12:15:12.0518 3732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/18 12:15:12.0579 3732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/18 12:15:12.0627 3732 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/18 12:15:12.0679 3732 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/18 12:15:12.0767 3732 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/05/18 12:15:12.0837 3732 ================================================================================
2011/05/18 12:15:12.0837 3732 Scan finished
2011/05/18 12:15:12.0837 3732 ================================================================================

cosinus · 18.05.2011, 12:09

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Pfälzermäd · 18.05.2011, 13:09

Hier der Report:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-17.01 - bischoff 18.05.2011  13:31:13.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4063.2478 [GMT 2:00]
ausgeführt von:: c:\users\bischoff\Desktop\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-18 bis 2011-05-18  ))))))))))))))))))))))))))))))
.
.
2011-05-18 11:36 . 2011-05-18 11:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-18 10:07 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3DAAA42-F9C1-4EB0-9881-73926E7B7729}\mpengine.dll
2011-05-17 19:33 . 2011-05-17 19:33	--------	d-----w-	C:\_OTL
2011-05-16 13:03 . 2011-05-16 13:03	--------	d-----w-	c:\users\bischoff\AppData\Roaming\Malwarebytes
2011-05-16 13:03 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-16 13:03 . 2011-05-16 13:03	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-16 13:03 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-16 13:03 . 2011-05-17 08:14	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-10 18:53 . 2011-05-10 18:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-05-10 18:53 . 2010-09-15 02:50	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-05-10 18:20 . 2011-04-09 06:45	5509504	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-05-10 18:20 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:20 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 18:20 . 2011-03-25 03:23	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-05-10 18:20 . 2011-03-25 03:23	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-05-10 18:20 . 2011-03-25 03:23	324608	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-05-10 18:20 . 2011-03-25 03:22	52224	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-05-10 18:20 . 2011-03-25 03:22	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2011-05-10 18:20 . 2011-03-25 03:22	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2011-05-10 18:20 . 2011-03-25 03:22	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2011-05-05 19:59 . 2011-03-18 17:56	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-05 19:59 . 2011-03-18 17:56	781272	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-05 19:59 . 2011-03-18 17:56	728024	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-05 19:59 . 2011-03-18 17:56	1975768	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 19:59 . 2011-03-18 17:56	1893336	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-05 19:59 . 2011-03-18 17:56	1874904	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-05 19:59 . 2011-03-18 17:56	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-05 19:59 . 2011-03-18 17:56	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-27 08:52 . 2011-02-26 06:23	2870272	----a-w-	c:\windows\explorer.exe
2011-04-27 08:52 . 2011-02-26 05:33	2614784	----a-w-	c:\windows\SysWow64\explorer.exe
2011-04-27 08:52 . 2011-03-12 11:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-04-27 08:52 . 2011-03-12 12:03	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-21 18:59 . 2011-04-21 18:59	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 17:13 . 2011-03-09 08:25	1152832	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-11 08:21 . 2010-08-25 16:00	8802128	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-31 17:32 . 2011-03-02 21:35	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-29 20:38 . 2011-03-29 20:38	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-03-29 20:37 . 2011-03-02 20:35	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-29 19:36 . 2011-03-02 20:34	1220416	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-11 06:19 . 2011-04-14 17:08	1395712	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-14 17:08	1359872	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 17:08	1164288	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 17:08	1137664	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-03-09 08:26 . 2011-03-09 08:26	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-08 06:14 . 2011-04-14 17:07	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-14 17:07	740864	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-04-27 08:52	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 08:52	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-14 17:07	182272	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-14 17:07	30208	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-14 17:07	28672	----a-w-	c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-14 17:08	3133440	----a-w-	c:\windows\system32\win32k.sys
2011-03-02 21:35 . 2011-03-02 21:35	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-02-24 06:30 . 2011-04-14 17:08	476160	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-24 06:29 . 2011-04-14 17:08	1197056	----a-w-	c:\windows\system32\wininet.dll
2011-02-24 06:24 . 2011-04-14 17:08	57856	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-24 05:32 . 2011-04-14 17:08	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-14 17:08	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-02-24 05:30 . 2011-04-14 17:08	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-02-24 05:05 . 2011-04-14 17:08	482816	----a-w-	c:\windows\system32\html.iec
2011-02-24 04:24 . 2011-04-14 17:08	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-24 04:23 . 2011-04-14 17:08	386048	----a-w-	c:\windows\SysWow64\html.iec
2011-02-24 03:50 . 2011-04-14 17:08	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-02-23 05:16 . 2011-04-14 17:08	461312	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-14 17:08	401920	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-14 17:08	161792	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-14 17:07	157696	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-14 17:07	286720	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-14 17:07	126464	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-14 17:07	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 20:27	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 20:27	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 20:27	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-14 17:08	46080	----a-w-	c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 20:27	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 20:27	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-14 17:08	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-14 17:08	367104	----a-w-	c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-14 17:08	294912	----a-w-	c:\windows\SysWow64\atmfd.dll
2011-02-18 06:37 . 2011-04-14 17:08	612352	----a-w-	c:\windows\system32\vbscript.dll
2011-02-18 05:36 . 2011-04-14 17:08	428032	----a-w-	c:\windows\SysWow64\vbscript.dll
2010-05-30 17:06 . 2010-05-30 17:10	1432080	----a-w-	c:\program files\setup_dm_Fotowelt.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-06-18 772096]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-23 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-19 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\bischoff\AppData\Roaming\Mozilla\Firefox\Profiles\i10k49t2.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-168927394-577395536-1844242911-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,c7,7e,23,f7,82,29,54,a7,6b,44,1e,61,b1,3e,63,51,5d,5f,12,fa,22,41,
   e7,cf,ff,88,1b,3f,9c,ce,76,92,77,d6,92,58,c4,d5,ef,f0,b2,99,3d,31,11,30,20,\
"??"=hex:52,57,98,19,37,aa,d9,ea,4c,15,e3,2a,ae,c8,75,b1
.
[HKEY_USERS\S-1-5-21-168927394-577395536-1844242911-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:0d,46,52,8e,86,83,87,0a,27,be,b0,54,01,ee,5e,cb,49,3e,e9,81,bf,
   89,6d,7e,6c,44,7f,9e,68,20,ad,36,ad,ea,54,c4,78,19,87,a5,0f,75,ef,ef,a4,88,\
"rkeysecu"=hex:8b,0d,55,47,80,5a,30,b0,94,6b,50,99,43,63,9a,5d
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-18  13:38:09
ComboFix-quarantined-files.txt  2011-05-18 11:38
.
Vor Suchlauf: 13 Verzeichnis(se), 229.742.592.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 233.020.600.320 Bytes frei
.
- - End Of File - - 608100E2748A1505AF6FE46B790DEDDC

--- --- ---

cosinus · 18.05.2011, 13:22

Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Pfälzermäd · 18.05.2011, 15:36

GMER habe ich zwar durchgeführt aber irgendwie hat das mit der Zwischenablage nicht geklappt. Trotz anklicken von "Copy" hat er mir aus der Zwischenablage immer noch das vorhergehende LOG von ComboFix eingefügt. Weiß nicht wie ich sonst an das LOG komme.
Hier das MBRCheck-Log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ71 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 229):
0x02C5F000 \SystemRoot\system32\ntoskrnl.exe
0x02C16000 \SystemRoot\system32\hal.dll
0x00BBC000 \SystemRoot\system32\kdcom.dll
0x00CCB000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D0F000 \SystemRoot\system32\PSHED.dll
0x00D23000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EAD000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F51000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F60000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FB7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FCA000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E0D000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00E16000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D81000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00E87000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E97000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00E9E000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00EA5000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DDD000 \SystemRoot\System32\drivers\mountmgr.sys
0x010CA000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x010F0000 \SystemRoot\system32\drivers\nvraid.sys
0x01118000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01148000 \SystemRoot\system32\DRIVERS\pciide.sys
0x0114F000 \SystemRoot\system32\DRIVERS\viaide.sys
0x01235000 \SystemRoot\system32\drivers\iaStorV.sys
0x01353000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0135C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01386000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x01157000 \SystemRoot\system32\DRIVERS\storport.sys
0x013A3000 \SystemRoot\system32\DRIVERS\msahci.sys
0x013AE000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01000000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x01461000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x014B7000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x014E6000 \SystemRoot\system32\drivers\amdsata.sys
0x01504000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x0154B000 \SystemRoot\system32\drivers\amdxata.sys
0x01556000 \SystemRoot\system32\DRIVERS\arc.sys
0x0156F000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x016E1000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x01768000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x01779000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x01798000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x017AB000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x017CA000 \SystemRoot\system32\DRIVERS\megasas.sys
0x01600000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x016A4000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x016B4000 \SystemRoot\system32\drivers\nvstor.sys
0x01827000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x0158A000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019CB000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019D9000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x019F1000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x017D6000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01400000 \SystemRoot\system32\drivers\fltmgr.sys
0x01800000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A5A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01CAC000 \SystemRoot\System32\Drivers\msrpc.sys
0x01D0A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01D24000 \SystemRoot\System32\Drivers\cng.sys
0x01D97000 \SystemRoot\System32\drivers\pcw.sys
0x01DA8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01E73000 \SystemRoot\system32\drivers\ndis.sys
0x01F65000 \SystemRoot\system32\drivers\NETIO.SYS
0x01FC5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02000000 \SystemRoot\System32\drivers\tcpip.sys
0x01E00000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01E4A000 \SystemRoot\system32\DRIVERS\wd.sys
0x01DB2000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01E52000 \SystemRoot\System32\Drivers\spldr.sys
0x01C00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01C1D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01E5A000 \SystemRoot\System32\Drivers\mup.sys
0x01FF0000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01C57000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01C91000 \SystemRoot\system32\DRIVERS\disk.sys
0x013C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01200000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01A38000 \SystemRoot\System32\Drivers\Null.SYS
0x01FF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x01A41000 \SystemRoot\System32\drivers\vga.sys
0x0107B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01814000 \SystemRoot\System32\drivers\watchdog.sys
0x01A4F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0144C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01455000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015E9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x013EF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x010A0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011B9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0346C000 \SystemRoot\system32\drivers\afd.sys
0x034F6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0353B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03544000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0356A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03580000 \SystemRoot\system32\DRIVERS\netbios.sys
0x035AC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x035C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03400000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03451000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0345D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0358F000 \SystemRoot\System32\drivers\discache.sys
0x035DB000 \SystemRoot\System32\Drivers\dfsc.sys
0x011C6000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011D7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0420F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04225000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x050C9000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05BC8000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0422A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05046000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05053000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x050A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05BCA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0444A000 \SystemRoot\system32\DRIVERS\athrx.sys
0x045B9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x045C6000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0441E000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x0442A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0431E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04439000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0443B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05BEE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04367000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04377000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0438D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x050BA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x043E0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04651000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04672000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0468C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0468E000 \SystemRoot\system32\DRIVERS\ks.sys
0x046D1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x046E3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0473D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04752000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x04600000 \SystemRoot\system32\DRIVERS\portcls.sys
0x047CD000 \SystemRoot\system32\DRIVERS\drmk.sys
0x047EF000 \SystemRoot\system32\drivers\ksthunk.sys
0x06606000 \SystemRoot\system32\drivers\nvhda64v.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x0661E000 \SystemRoot\System32\drivers\Dxapi.sys
0x0662A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06647000 \SystemRoot\System32\Drivers\crashdmp.sys
0x06655000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06661000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x0666C000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0667F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0668D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x066A6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x066AF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x066BC000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x066D9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06707000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\ATMFD.DLL
0x00830000 \SystemRoot\System32\cdd.dll
0x06715000 \SystemRoot\system32\drivers\luafv.sys
0x06738000 \SystemRoot\system32\drivers\WudfPf.sys
0x06759000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0676E000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x067C1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x067D4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06895000 \SystemRoot\system32\drivers\HTTP.sys
0x0695D000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0697B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06993000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06800000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0684E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x070F6000 \SystemRoot\system32\drivers\peauth.sys
0x0719C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x071A7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x071D4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07000000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0727C000 \SystemRoot\System32\DRIVERS\srv.sys
0x073A0000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x073A8000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x073CD000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x77630000 \Windows\System32\ntdll.dll
0x47AF0000 \Windows\System32\smss.exe
0xFF950000 \Windows\System32\apisetschema.dll
0xFF840000 \Windows\System32\autochk.exe
0x77800000 \Windows\System32\psapi.dll
0xFF760000 \Windows\System32\setupapi.dll
0xFF680000 \Windows\System32\advapi32.dll
0xFF660000 \Windows\System32\imagehlp.dll
0xFF5E0000 \Windows\System32\shlwapi.dll
0xFF5D0000 \Windows\System32\lpk.dll
0xFF4C0000 \Windows\System32\msctf.dll
0xFF450000 \Windows\System32\gdi32.dll
0xFF320000 \Windows\System32\wininet.dll
0xFF2F0000 \Windows\System32\imm32.dll
0x77530000 \Windows\System32\user32.dll
0xFF250000 \Windows\System32\comdlg32.dll
0xFF230000 \Windows\System32\sechost.dll
0xFF020000 \Windows\System32\ole32.dll
0x77410000 \Windows\System32\kernel32.dll
0xFF010000 \Windows\System32\nsi.dll
0xFEE90000 \Windows\System32\urlmon.dll
0xFED60000 \Windows\System32\rpcrt4.dll
0xFDFD0000 \Windows\System32\shell32.dll
0xFDF80000 \Windows\System32\ws2_32.dll
0xFDEE0000 \Windows\System32\clbcatq.dll
0xFDE60000 \Windows\System32\difxapi.dll
0xFDC00000 \Windows\System32\iertutil.dll
0xFDB20000 \Windows\System32\oleaut32.dll
0xFDAD0000 \Windows\System32\Wldap32.dll
0x777F0000 \Windows\System32\normaliz.dll
0xFDA30000 \Windows\System32\msvcrt.dll
0xFD960000 \Windows\System32\usp10.dll
0xFD8C0000 \Windows\System32\comctl32.dll
0xFD880000 \Windows\System32\wintrust.dll
0xFD710000 \Windows\System32\crypt32.dll
0xFD6D0000 \Windows\System32\cfgmgr32.dll
0xFD660000 \Windows\System32\KernelBase.dll
0xFD640000 \Windows\System32\devobj.dll
0xFD630000 \Windows\System32\msasn1.dll
0x76530000 \Windows\SysWOW64\normaliz.dll

Processes (total 65):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
368 csrss.exe
432 C:\Windows\System32\wininit.exe
448 csrss.exe
480 C:\Windows\System32\services.exe
496 C:\Windows\System32\lsass.exe
504 C:\Windows\System32\lsm.exe
628 C:\Windows\System32\svchost.exe
692 C:\Windows\System32\nvvsvc.exe
732 C:\Windows\System32\svchost.exe
796 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
848 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
748 C:\Windows\System32\winlogon.exe
1064 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\nvvsvc.exe
1372 C:\Windows\System32\spoolsv.exe
1412 C:\Windows\System32\svchost.exe
1688 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1776 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1904 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2020 C:\Windows\System32\svchost.exe
1524 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
624 C:\Windows\System32\SearchIndexer.exe
2568 C:\Windows\System32\taskhost.exe
1264 C:\Windows\System32\dwm.exe
2352 C:\Windows\explorer.exe
2784 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2584 C:\Program Files\IDT\WDM\sttray64.exe
2588 C:\Program Files\Java\jre6\bin\jusched.exe
2216 C:\Program Files\Microsoft Security Client\msseces.exe
2644 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
320 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
1420 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
2816 C:\Program Files (x86)\ICQ7.2\ICQ.exe
2192 C:\Program Files (x86)\Hp\QuickPlay\QPService.exe
2536 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1660 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2740 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
2636 C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1084 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
2548 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2628 WmiPrvSE.exe
1316 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1744 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
3244 C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
3392 C:\Windows\System32\wuauclt.exe
3804 C:\Windows\System32\audiodg.exe
1968 C:\Windows\System32\wbengine.exe
3792 C:\Windows\System32\vds.exe
2964 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3040 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3504 C:\Windows\System32\taskhost.exe
1752 MpCmdRun.exe
3260 C:\Windows\explorer.exe
2304 C:\Windows\System32\SearchProtocolHost.exe
4064 C:\Windows\System32\SearchFilterHost.exe
1540 C:\Users\bischoff\Desktop\MBRCheck.exe
2008 C:\Windows\System32\conhost.exe
2772 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`64700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT1, Rev: 13.01A13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 5B0E5F15069BD77F643C7A73C1D68021BA42EFCE

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus · 18.05.2011, 19:20

Gab es auffällige Meldungen von GMER? Irgendwas von Rootkit o.ä.?

Zitat:

298 GB \\.\PhysicalDrive0 Unknown MBR code

Wir sollten den MBR fixen. Brenner und einen CD-Rohling hast du?

Pfälzermäd · 18.05.2011, 20:02

Ich saß nicht dabei als GMER drüber lief. Als es fertig war, kam jedenfalls keine Meldung. Soll ich es nochmal starten?
Brenner hab ich, Rohling auch. Hoffe, daß ich das hinkriege, habe bisher nur CDs kopiert oder nen selbst erstellten Film kopiert, das geht aber dann automatisch vom Programm aus. Aber ich hab ja ne gute Anleitung ;-)

cosinus · 18.05.2011, 20:40

Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten.

Hast Du noch andere Betriebssysteme außer Win7 (64-Bit) installiert?
Wenn nicht: Schau mal hier => RescueDisc-Win7-64-Bit

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Win7-Installations-DVD (64-Bit) hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der dieser DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.

Pfälzermäd · 18.05.2011, 20:49

Das Image kann ich doch sicher auch auf meine externe Festplatte machen? Ich habe dort meine Bilder und andere wichtige Daten gesichert (aber nicht als Image).
Habe kein weiteres BS installiert.
Denke nicht, daß ich eine Win7 CD, war vorinstalliert, musste nichts machen.
Bei den vielen Infos weiß ich grad nicht, was ich als nächstes machen soll.

cosinus · 18.05.2011, 21:06

Das Image von der Win7-Rescue-CD? Kann man schon auf eine externe Platte kopieren, bringt aber nichts. Du kannst dann nicht davon booten. Deswegen brenn das Image per Imagebrennfunktion auf einen CD-Rohling. Leere CDRW geht auch.

Das Backup der Bilder muss natürlich nicht in ein Image gegossen werden.

Pfälzermäd · 18.05.2011, 21:52

Krieg das mit ImgBurn nicht hin (alles englisch - blick nix)... hab jetzt mal versucht per power2go. er zeigt mal an: disc-image brennen, jetzt isser fertig
hier das Protokoll (hat er - denk ich mal - gemacht):
User Name : HP
Company Name : CyberLink
CDKey :
OS Version : Windows 7 Home Basic/Premium
C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe : Version 6.0.0.3101
CBS.dll : Version 7.7.4205

==================================================================

Total physical memory : 4062MB (4160436KB)
Free physical memory : 2298MB (2353908KB)
Memory load : 43 percent

Number of CPU : 2
CPU Name : Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
CPU Speed : 2094 MHz

==================================================================

18.5.2011
Task Type : Disc-Image brennen

22:50:02, File(cl_DiscCopyCD.cpp), Line(90)
-> Begin burning process
Current drive: <E: hp DVD RW AD-7581S 4H73>
Current writing speed(x): 24.0
====== Disc Info =======
Disc Type: CD-R
Disc Status: Blank, Appendable
Num. of Sessions: 1 Num. of Tracks: 1
Disc Capacity: 359847LBs
Free Size: 359847LBs Used Size: 0LBs
========================
->Burn from image
Burn option: w/ buffer underrun protection
Burn option: w/o simulation
Burn option: w/o overburn
Burn option: w/o verify disc
Burn option: w/o extra long disc

22:50:02, File(cl_Cdwrite.cpp), Line(2671)
-> Setup drive
Sessn: 1, Sessn type: Disc At Once
Disc physical format: CDROM_MODE1
Trk: 1, Trk mode: MODE1

22:50:02, File(cl_Cdwrite.cpp), Line(1958)
-> Start session
Sessn: 1, Start trk: 1, Last trk: 1

22:50:02, File(cl_Cdwrite.cpp), Line(1984)
-> Start track
Trk: 1, Track start addr(LBA): 0, Trk size(sectors): 84825, Sector size(bytes): 2048

22:51:55, File(cl_Cdwrite.cpp), Line(2202)
-> Write end track

22:51:55, File(cl_Cdwrite.cpp), Line(2231)
-> Write end session

22:52:09, File(cl_Cdwrite.cpp), Line(2404)
-> Write end/Close disc

22:52:09, File(cl_DiscCopyCD.cpp), Line(1712)
-> End burning process

==================================================================

cosinus · 18.05.2011, 21:55

Folge mal dem zweiten Link in meiner Signatur, da wird beschrieben wie man ein ISO-Image mit ImgBurn brennt am Beispiel einer Ubuntu-Imagedatei.

Pfälzermäd · 18.05.2011, 22:12

so.... er arbeitet... aber ich merke, daß meine Konzentration nachlässt....
nach dem brennen werde ich aufhören und morgen abend weiter machen. Morgen muß ich bis 19.00 uhr arbeiten und kann erst wieder so gegen 22.00 uhr hier weiter machen.
So er ist fertig.... werde morgen alles so weiter machen, wie "befohlen" und lasse die 2 programme nochmals drüber laufen. Hoffe, daß es diesmal mit dem GMER klappt.
Übrigens funktionieren diese Buttons in der Windowsleiste (ganz unten) nicht mehr. es kommt immer: dieses element kann nicht mehr geöffnet werden. es wurde evtl. verschoben gelöscht oder umbenannt. funktioniert erst wieder wenn ich eine datei in der art aufgerufen habe. denke, werde ich wieder wohl neu einrichten müssen, wobei ich da selbst garnix gemacht habe. so muß jezt gehen.... vielen dank mal vorab für die hilfe für den heutigen tag.... leider muß ich die nächsten beiden Tage arbeiten und hab nur abends Zeit.
see you

18.05.2011, 21:55	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien Folge mal dem zweiten Link in meiner Signatur, da wird beschrieben wie man ein ISO-Image mit ImgBurn brennt am Beispiel einer Ubuntu-Imagedatei. __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien

Log-Analyse und Auswertung: Trojaner/Virus: Festplatte beschädigt - Bildschirm schwarz - keine Dateien