|
Log analysis and evaluation: After trojan: desktop black, programs and files gone. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
20.05.2011, 11:42 | #16 |
| Does cofix need to be run again with an active connection? |
20.05.2011, 13:13 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, an Internet connection should be available. |
20.05.2011, 15:16 | #18 |
| New combo-fix log:
Combofix Logfile: Code:
ComboFix 11-05-19.01 - *** 20.05.2011 16:05:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3582.2941 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-20 bis 2011-05-20 ))))))))))))))))))))))))))))))
.
.
2011-05-20 09:07 . 2011-05-20 09:07 -------- d-----w- C:\_OTL
2011-05-19 11:44 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-19 11:44 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-19 09:52 . 2011-05-19 09:52 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Identities
2011-05-19 09:50 . 2011-05-19 09:50 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2011-05-19 06:54 . 2011-05-19 06:54 -------- d-----w- c:\dokumente und einstellungen\Rettung\Anwendungsdaten\Malwarebytes
2011-05-19 06:54 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 06:54 . 2011-05-19 06:54 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-05-19 06:54 . 2011-05-19 16:54 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-05-18 23:13 . 2011-05-18 23:13 -------- d-----w- c:\dokumente und einstellungen\Rettung\Lokale Einstellungen\Anwendungsdaten\Conduit
2011-05-18 23:13 . 2011-05-18 23:15 -------- d-----w- c:\dokumente und einstellungen\Rettung\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2011-04-21 17:42 . 2011-04-21 17:42 -------- d-----w- C:\UserData
2011-04-21 17:33 . 2009-10-29 17:28 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-04-21 17:33 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-04-21 17:33 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-04-21 17:33 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-04-21 17:33 . 2011-04-21 17:33 -------- d-----w- c:\windows\system32\SupportAppCB
2011-04-21 17:33 . 2011-04-21 17:34 -------- d-----w- c:\programme\1&1 Surf-Stick
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 18:30 . 2011-03-31 17:23 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-07 05:33 . 2004-08-13 12:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-13 12:40 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-13 12:40 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:05 . 2004-08-13 12:40 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:05 . 2004-08-13 12:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:05 . 2004-08-13 12:40 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2004-08-13 12:40 385024 ----a-w- c:\windows\system32\html.iec
2009-07-14 16:00 . 2007-12-10 20:04 67688 ----a-w- c:\programme\mozilla firefox\components\jar50.dll
2009-07-14 16:00 . 2007-12-10 20:04 54368 ----a-w- c:\programme\mozilla firefox\components\jsd3250.dll
2009-07-14 16:00 . 2007-12-10 20:04 34944 ----a-w- c:\programme\mozilla firefox\components\myspell.dll
2009-07-14 16:00 . 2007-12-10 20:04 46712 ----a-w- c:\programme\mozilla firefox\components\spellchk.dll
2009-07-14 16:00 . 2007-12-10 20:04 172136 ----a-w- c:\programme\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-20_10.12.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-20 13:56 . 2011-05-20 13:56 16384 c:\windows\Temp\Perflib_Perfdata_708.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54 175912 ----a-w- c:\programme\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"DELL Webcam Manager"="c:\programme\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Logitech Hardware Abstraction Layer"="c:\programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\programme\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"dldomon.exe"="c:\programme\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\programme\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\programme\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"SHIWebOnDiskManager"="c:\programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" [2009-08-24 233472]
"UIExec"="c:\programme\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Programme\\Dell 968 AIO Printer\\DLDOFax.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Forum Verlag\\VOB2009CD-ROM\\EasyBrowse2K2.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ7.4\\ICQ.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Dokumente und Einstellungen\\Rettung\\Desktop\\Facemoods.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [19.07.2009 16:20 247096]
R2 UI Assistant Service;UI Assistant Service;c:\programme\1&1 Surf-Stick\AssistantServices.exe [21.04.2011 19:33 253264]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [05.10.2007 15:30 99568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.02.2010 16:35 135664]
S3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\DRIVERS\adiusbae.sys --> c:\windows\system32\DRIVERS\adiusbae.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [04.02.2010 16:35 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [21.04.2011 19:33 9216]
S3 OKI OPHM DCS Loader;OKI OPHM DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHMLDCS.EXE [29.04.2009 11:42 24576]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [10.02.2009 23:24 356920]
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-04 14:35]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-04 14:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme\ICQ7.4\ICQ.exe
Trusted Zone: 1und1.de\kundenshop
Trusted Zone: simyo.de\www
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\s52bt2tq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
.scr=MicroStation Resource
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-20 16:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2464)
c:\windows\system32\webcheck.dll
.
Zeit der Fertigstellung: 2011-05-20 16:12:54
ComboFix-quarantined-files.txt 2011-05-20 14:12
ComboFix2.txt 2011-05-20 10:14
.
Vor Suchlauf: 19 Verzeichnis(se), 172.918.988.800 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 172.907.212.800 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3858B66F60DD9BCDB9C62D1995D4EC80 |
20.05.2011, 15:38 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post log files in CODE tags |
20.05.2011, 18:22 | #20 |
| Here now is the gmer log. (I had to take a few files out of the log, since the folder name contained user details.) GMER Logfile: Code:
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-20 19:10:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500BEVS-75UST0 rev.01.01A01
Running: hnook8c8.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\kwtoiaod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D17380, 0x2F18C7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411954BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41365049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413650B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[996] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!CreateDialogParamW 7E36EA3B 5 Bytes JMP 02570B00 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 02570E60 C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D4664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41365049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 02570D70 C:\Dokumente und Einstellungen\Pradt\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!CreateDialogParamA 7E38C7DB 5 Bytes JMP 02570C80 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!MessageBoxA 7E3A07EA 5 Bytes JMP 02570FE0 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41364F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41364F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 0256FDE0 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41364FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!MessageBoxW 7E3B6534 5 Bytes JMP 025710C0 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 0256FF40 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Programme\internet explorer\iexplore.exe[2548] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 4126DBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\internet explorer\iexplore.exe[2548] ole32.dll!OleLoadFromStream 774F981B 5 Bytes JMP 4136547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\internet explorer\iexplore.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat B2A0ED20
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208ge01.dgn 104960 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208ge02.dgn 146944 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208ge03.dgn 122368 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208ge04.dgn 50176 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208pe01.dgn 51712 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208pe02.dgn 59904 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208pe03.dgn 41472 bytes
File C:\Dokumente und Einstellungen\Erw_wurzel_a\geg\konstruktion\k_bgeg208pe04.dgn 50176 bytes
303104 bytes

---- EOF - GMER 1.0.15 ---- |
20.05.2011, 18:29 | #21 |
| And now the OSAM log. OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:26:43 on 20.05.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"DxCpl.cpl" - "Knowles Acoustics" - C:\WINDOWS\system32\DxCpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"AT-AR215 USB ADSL WAN Adapter" (adiusbaw) - ? - C:\WINDOWS\System32\DRIVERS\adiusbaw.sys (File not found)
"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"Bluetooth-Modem" (btwmodem) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwmodem.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Pradt\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\WINDOWS\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"DSproct" (DSproct) - "Gteko Ltd." - C:\Programme\DellSupport\GTAction\triggers\DSproct.sys
"DXEC02" (DXEC02) - "Knowles Acoustics" - C:\WINDOWS\System32\drivers\dxec02.sys
"File Security Driver" (IKFileSec) - "PCTools Research Pty Ltd." - C:\WINDOWS\system32\drivers\ikfilesec.sys
"General Purpose USB Driver (adildr.sys)" (ADILOADER) - ? - C:\WINDOWS\System32\Drivers\adildr.sys (File not found)
"Intel RAID Controller" (iaStor) - "Intel Corporation" - C:\WINDOWS\System32\drivers\iaStor.sys
"kwtoiaod" (kwtoiaod) - ? - C:\DOKUME~1\Pradt\LOKALE~1\Temp\kwtoiaod.sys (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"System Filter Driver" (IKSysFlt) - "PCTools Research Pty Ltd." - C:\WINDOWS\System32\drivers\iksysflt.sys
"System Security Driver" (IKSysSec) - "PCTools Research Pty Ltd." - C:\WINDOWS\System32\drivers\iksyssec.sys
"USB ADSL LAN Adapter" (adiusbae) - ? - C:\WINDOWS\System32\DRIVERS\adiusbae.sys (File not found)
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} "vsharechrome" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Programme\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - C:\Programme\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\Wcesview.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd."
- C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe {5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Programme\Roxio\Drag-to-Disc\Shellex.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\prxtbsof0.dll -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." 
- C:\Programme\softonic-de3\prxtbsof0.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MI3AA1~1\INetRepl.dll "ICQ7.4" - "ICQ, LLC." 
- C:\Programme\ICQ7.4\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\prxtbsof0.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\Dell\BAE\BAE.dll {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine " - "Conduit Ltd." - C:\Programme\ConduitEngine\prxConduitEngine.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\prxtbsof0.dll [Logon] -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Pradt\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Dell 968 AIO Printer Fax Server" - ? - "C:\Programme\Dell 968 AIO Printer\fm3032.exe" /s "Dell QuickSet" - "Dell Inc." - C:\Programme\Dell\QuickSet\quickset.exe "DELL Webcam Manager" - "Creative Technology Ltd." - "C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe" /s "dldomon.exe" - ? - "C:\Programme\Dell 968 AIO Printer\dldomon.exe" "dscactivate" - " " - c:\dell\dsca.exe 3 "ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless "IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" "ISUSPM Startup" - "Macrovision Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "KADxMain" - "Knowles Acoustics" - C:\WINDOWS\system32\KADxMain.exe "MemoryCardManager" - ? 
- "C:\Programme\Dell 968 AIO Printer\memcard.exe" "NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start "nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet "PCMService" - "CyberLink Corp." - "C:\Programme\Dell\MediaDirect\PCMService.exe" "RoxioDragToDisc" - "Roxio" - "C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe" "RoxWatchTray" - "Sonic Solutions" - "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" "SHIWebOnDiskManager" - ? - "C:\Programme\SHIWebOnDiskManager\SHIWebOnDiskManager.exe" "SigmatelSysTrayApp" - "SigmaTel, Inc." - stsystra.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "UIExec" - ? - "C:\Programme\1&1 Surf-Stick\UIExec.exe" (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "Fax Dell 968 AIO Printer Port" - ? - C:\WINDOWS\system32\DLDOPMON.DLL "KM Language Monitor" - "KYOCERA MITA Corporation" - C:\WINDOWS\system32\KMPJLMN.DLL "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe "Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe "DSBrokerService" (DSBrokerService) - ? 
- C:\Programme\DellSupport\brkrsvc.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "OKI OPHM DCS Loader" (OKI OPHM DCS Loader) - "Oki Data Corporation" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHMLDCS.EXE "PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe "PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? 
- C:\WINDOWS\system32\PSIService.exe "Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\1&1 Surf-Stick\AssistantServices.exe (File found, but it contains no detailed information) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
20.05.2011, 21:32 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After trojan: desktop black, programs and files gone I'm missing mbrcheck
__________________ Please always post log files in CODE tags |
20.05.2011, 22:47 | #23 |
| After trojan: desktop black, programs and files gone OK, here is the mbrcheck log now:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-75UST0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
Done! |
20.05.2011, 22:52 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After trojan: desktop black, programs and files gone Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
21.05.2011, 06:56 | #25 |
| After trojan: desktop black, programs and files gone Malware log:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: 6618
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21.05.2011 00:48:52
mbam-log-2011-05-21 (00-48-51).txt
Scan type: Full scan (C:\|)
Objects scanned: 273957
Time elapsed: 52 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected) |
21.05.2011, 12:51 | #26 |
| After trojan: desktop black, programs and files gone Super Anti Spyware log (shortened):
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 05/21/2011 at 01:41 PM
Application Version : 4.52.1000
Core Rules Database Version : 7106
Trace Rules Database Version: 4918
Scan type : Complete Scan
Total Scan Time : 01:27:33
Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 10256
Registry threats detected : 0
File items scanned : 114155
File threats detected : 301
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\***\Cookies\***@eas4.emediate[1].txt
Trojan.Agent/Gen-Nullo[Micro]
C:\DOKUMENTE UND EINSTELLUNGEN\***\LOKALE EINSTELLUNGEN\TEMPORARY INTERNET FILES\CONTENT.WORD\~WRS{258576A0-2BA6-40A4-9C91-5D2EAA18DA37}.TMP
C:\DOKUMENTE UND EINSTELLUNGEN\***\LOKALE EINSTELLUNGEN\TEMPORARY INTERNET FILES\CONTENT.WORD\~WRS{D100503A-3C75-4316-9E5C-1E0315C1B6BA}.TMP
Trojan.Agent/Gen-Frauder
C:\PROGRAMME\1&1 SURF-STICK\COMPONENT\BIUSBSOUND.DLL
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP770\A0161464.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DF867C4F-0E0D-4E20-9F25-BC2B2DFBD84A}\RP770\A0161465.EXE |
21.05.2011, 13:21 | #27 |
| After trojan: desktop black, programs and files gone OK, so the Malwarebytes and SUPERAntiSpyware logs are done; should I try tdsskiller again now? |
21.05.2011, 13:52 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After trojan: desktop black, programs and files gone Right, that one didn't work. Download it again and try it once more. By the way, SASW only found a few leftovers, or rather produced a false alarm.
21.05.2011, 14:14 | #29 |
| Nach Trojaner Desktop schwarz Programme und Dateien verschwunden so tdsskiller hat diesmal ohne probleme funktioniert, hatte auch keinerlei funde: 2011/05/21 15:11:27.0640 2176 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29 2011/05/21 15:11:27.0718 2176 ================================================================================ 2011/05/21 15:11:27.0718 2176 SystemInfo: 2011/05/21 15:11:27.0718 2176 2011/05/21 15:11:27.0718 2176 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/21 15:11:27.0718 2176 Product type: Workstation 2011/05/21 15:11:27.0718 2176 ComputerName: *** 2011/05/21 15:11:27.0718 2176 UserName: *** 2011/05/21 15:11:27.0718 2176 Windows directory: C:\WINDOWS 2011/05/21 15:11:27.0718 2176 System windows directory: C:\WINDOWS 2011/05/21 15:11:27.0718 2176 Processor architecture: Intel x86 2011/05/21 15:11:27.0718 2176 Number of processors: 2 2011/05/21 15:11:27.0718 2176 Page size: 0x1000 2011/05/21 15:11:27.0718 2176 Boot type: Normal boot 2011/05/21 15:11:27.0718 2176 ================================================================================ 2011/05/21 15:11:28.0140 2176 Initialize success 2011/05/21 15:11:38.0703 3396 ================================================================================ 2011/05/21 15:11:38.0703 3396 Scan started 2011/05/21 15:11:38.0703 3396 Mode: Manual; 2011/05/21 15:11:38.0703 3396 ================================================================================ 2011/05/21 15:11:40.0500 3396 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/05/21 15:11:40.0609 3396 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/05/21 15:11:40.0656 3396 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/05/21 15:11:40.0734 3396 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/05/21 15:11:40.0765 3396 aec (8bed39e3c35d6a489438b8141717a557) 
2011/05/21 15:11:51.0218 3396 ================================================================================
2011/05/21 15:11:51.0218 3396 Scan finished
2011/05/21 15:11:51.0218 3396 ================================================================================ |
21.05.2011, 15:56 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After trojan: desktop black, programs and files gone Nice! Is the computer back in order?
__________________ Please always post log files in CODE tags |