| |
| |||||||
Log-Analyse und Auswertung: Schwarzer Bildschirm, Dateien verstecktWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.05.2011, 23:18
| #1 |
 |  Schwarzer Bildschirm, Dateien versteckt Hallo Zusammen! Ich habe mir heute leider einen Trojaner eingefangen. Folgende Schritte habe ich, dank der großartige Unterstützung dieses Boards, bereits (erfolgreich) ausgeführt: 1. Zunächst habe ich mit Malwarebytes den Quick-Scan gemacht und 5 infizierte Entitäten entfernt. (Der vollständige Scan läuft zur Zeit noch! ;-)) 2. OTL Scan Der Trojaner scheint beseitigt zu sein. Nun möchte ich gerne meine Dateien, Bildschirm, Icons, etc. wiederherstellen, soweit dies möglich ist. Was ist zu tun? Vielen Lieben Dank schon mal für eure Hilfe Mercury -------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6686 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 8.0.6001.19048 26.05.2011 22:53:21 mbam-log-2011-05-26 (22-53-21).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 158965 Laufzeit: 6 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gODYLqGmtHs (Trojan.FakeMS) -> Value: gODYLqGmtHs -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\godylqgmths.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\programdata\40165112.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. c:\Users\**\AppData\Local\Temp\0.35363133943457037.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\**\AppData\Roaming\Adobe\plugs\mmc135.exe (Trojan.Agent) -> Quarantined and deleted successfully. --------------------------------------------------------------------------OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.05.2011 23:31:21 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\**\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,71% Memory free 6,19 Gb Paging File | 4,14 Gb Available in Paging File | 66,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 189,80 Gb Free Space | 67,24% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,26 Gb Free Space | 26,96% Space Free | Partition Type: FAT32 Computer Name: **-PC | User Name: ** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\**\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Softex\OmniPass\scureapp.exe () PRC - C:\Programme\Softex\OmniPass\opvapp.exe () PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) ========== Modules (SafeList) ========== MOD - C:\Users\**\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll (Microsoft Corporation) MOD - C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.04.21 00:32:55 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\**\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\**\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\AutoRun\command - "" = jdhc2x2.com O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\explore\Command - "" = jdhc2x2.com O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\open\Command - "" = jdhc2x2.com O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.26 23:29:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe [2011.05.26 21:51:03 | 000,000,000 | -H-D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes [2011.05.26 21:50:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.26 21:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.26 21:50:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.05.26 21:50:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.26 21:50:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.26 12:12:41 | 000,000,000 | -H-D | C] -- C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery [2011.05.19 23:43:45 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.04.27 12:08:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.27 12:08:43 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 12:08:38 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.26 23:32:53 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DED8CED-791A-45C1-9746-788654B34E0F}.job [2011.05.26 23:29:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe [2011.05.26 23:25:02 | 000,026,897 | ---- | M] () -- C:\Users\**\Desktop\85104-otl-otlogfile-oldtimer.html [2011.05.26 22:57:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.26 22:57:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.26 22:57:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.26 22:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.26 22:57:20 | 3215,859,712 | -HS- | M] () -- C:\hiberfil.sys [2011.05.26 22:43:58 | 366,236,649 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.05.26 22:37:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.26 22:05:31 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.26 21:53:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.26 21:29:21 | 000,000,371 | -H-- | M] () -- C:\Users\**\Documents\Bilder - Verknüpfung.lnk [2011.05.26 13:07:04 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.05.26 12:59:46 | 000,001,905 | -H-- | M] () -- C:\Windows\diagwrn.xml [2011.05.26 12:59:46 | 000,001,905 | -H-- | M] () -- C:\Windows\diagerr.xml [2011.05.26 12:13:12 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~40165112r [2011.05.26 12:13:12 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~40165112 [2011.05.26 12:12:53 | 000,000,599 | -H-- | M] () -- C:\Users\**\Desktop\Windows Vista Recovery.lnk [2011.05.26 12:12:05 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40165112 [2011.05.26 11:07:17 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.26 11:07:17 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.26 11:07:17 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.26 11:07:17 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.19 23:43:45 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.07 11:27:26 | 001,663,352 | -H-- | M] () -- C:\Users\**\Desktop\TECOSIM_Job_KO_Berechnungsingenieur.pdf [2011.04.28 09:44:20 | 000,050,845 | -H-- | M] () -- C:\Users\**\Desktop\Lebenslauf2011.pdf [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.26 23:25:01 | 000,026,897 | ---- | C] () -- C:\Users\**\Desktop\85104-otl-otlogfile-oldtimer.html [2011.05.26 22:57:20 | 3215,859,712 | -HS- | C] () -- C:\hiberfil.sys [2011.05.26 22:05:31 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.26 21:29:21 | 000,000,371 | -H-- | C] () -- C:\Users\**\Documents\Bilder - Verknüpfung.lnk [2011.05.26 12:59:26 | 000,001,905 | -H-- | C] () -- C:\Windows\diagwrn.xml [2011.05.26 12:59:26 | 000,001,905 | -H-- | C] () -- C:\Windows\diagerr.xml [2011.05.26 12:13:12 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~40165112r [2011.05.26 12:13:12 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~40165112 [2011.05.26 12:12:53 | 000,000,599 | -H-- | C] () -- C:\Users\**\Desktop\Windows Vista Recovery.lnk [2011.05.26 12:12:05 | 000,000,336 | -H-- | C] () -- C:\ProgramData\40165112 [2011.05.07 11:27:26 | 001,663,352 | -H-- | C] () -- C:\Users\**\Desktop\TECOSIM_Job_KO_Berechnungsingenieur.pdf [2011.04.28 09:47:26 | 000,050,845 | -H-- | C] () -- C:\Users\**\Desktop\Lebenslauf2011.pdf [2011.04.13 16:11:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Programme\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Programme\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini [2010.07.22 08:21:37 | 000,000,680 | -H-- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2009.11.17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.09.17 20:13:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 20:13:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 20:12:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.04 13:14:44 | 000,106,496 | -H-- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.04 13:14:29 | 000,024,206 | -H-- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png [2008.09.30 16:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.09.30 13:55:26 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.09.30 13:16:02 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.09.30 13:16:01 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.09.30 13:16:01 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.09.30 13:16:01 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.09.30 05:04:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll [2008.09.30 04:09:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.09.30 03:57:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.09.30 03:57:16 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.09.30 03:57:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.09.30 03:57:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.09.30 03:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.09.30 03:21:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,349,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report > --------------------------------------------------------------------------OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.05.2011 23:31:21 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\**\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 45,71% Memory free
6,19 Gb Paging File | 4,14 Gb Available in Paging File | 66,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 189,80 Gb Free Space | 67,24% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,26 Gb Free Space | 26,96% Space Free | Partition Type: FAT32
Computer Name: **-PC | User Name: ** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24302E9B-2E5D-4C5C-9067-77A4975DCD25}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92B27A07-7B4C-4CC9-9D45-A647E94E232F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16BF3B58-9289-4178-BF9E-754E1179F541}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{196A33DE-8F1D-4B8B-91FF-7F142C7E8A55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30A42F73-7E41-4AC6-96EE-175A9CEE7D74}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{30F9B9D9-BB1E-466E-84D7-779BFF35996C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{40C2DF0F-92D7-44D3-8A2F-0CF542B5CE68}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{6451B310-EA86-46DD-B00D-7AB343871246}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8298BC19-EA0B-4E53-909C-9F2179384984}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{90FFBDD7-606B-4A06-A7B2-76A7CECE13DC}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{AF8F63A5-8870-4606-8707-B7D4D49B6251}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{D4E70552-2928-4619-A5F5-DA61FE95CEE3}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{E25660AD-C22A-4919-9BD4-699EBD83D684}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD767686-D18A-4C46-B866-C2C749A46B33}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{10EDB0DE-46F8-4723-BA6D-4E0D51EA58C5}" = Audiograbber
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2D438E32-E46F-A3C7-B390-CFC652EE6478}" = Skins
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{35000C37-2D29-9C85-FCA2-433E6D462851}" = Catalyst Control Center Graphics Full New
"{35AEFC0E-C869-EA72-107A-9F0F630D8C2A}" = Catalyst Control Center Graphics Previews Common
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43141122-99AC-0765-CB34-A8F1BF4978C3}" = CCC Help German
"{44061C54-0775-4AE1-B433-79BCC6431817}" = WISO Mein Geld 2009 Professional
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{478CF179-BFA5-07C9-43A4-301B5DC449D2}" = Catalyst Control Center Graphics Previews Vista
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A69FE72-6764-B2CE-C275-89EDCCFC858D}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{70020E29-1E80-2F90-B125-30C752B3DFEE}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7D3398D2-0A93-E93D-4D3B-D93D1829964B}" = Catalyst Control Center InstallProxy
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D798C7D-933C-4678-28DE-B33A734B4DE9}" = ccc-utility
"{9DC7D0A4-00A8-5D59-B104-A7C82ED9FA7A}" = Catalyst Control Center Localization German
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B50E4F43-69CC-15E3-3BA2-8F4220AE1946}" = ATI Catalyst Install Manager
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BABDF173-48C2-7BFF-CA6D-961CE652123C}" = Catalyst Control Center Core Implementation
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2479F1E-974C-E57E-4D20-40E0C37C80E5}" = ccc-core-static
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.01.24
"{F50C9048-B456-8BE2-B623-95A48B7F5463}" = Catalyst Control Center Graphics Full Existing
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JOE (Java oriented editing) 2.3.25_is1" = JOE (Java oriented editing) 2.3.25
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.7" = MiKTeX 2.7
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 1.0.0
"WinRAR archiver" = WinRAR Archivierer
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.11.2010 05:50:27 | Computer Name = **-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 30.11.2010 05:50:27 | Computer Name = **-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 30.11.2010 10:59:34 | Computer Name = **-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.11.2010 14:49:46 | Computer Name = **-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.11.2010 17:32:06 | Computer Name = **-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.11.2010 17:32:54 | Computer Name = **-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x27172717, Prozess-ID 0xb28, Anwendungsstartzeit
01cb90d5f381691b.
Error - 01.12.2010 02:15:07 | Computer Name = **-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2010 02:59:30 | Computer Name = **-PC | Source = EventSystem | ID = 4621
Description =
Error - 01.12.2010 03:03:27 | Computer Name = **-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.12.2010 07:31:15 | Computer Name = **-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03.07.2009 18:07:41 | Computer Name = **-PC | Source = HTTP | ID = 15016
Description =
Error - 03.07.2009 18:09:06 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.07.2009 10:08:45 | Computer Name = **-PC | Source = HTTP | ID = 15016
Description =
Error - 04.07.2009 10:08:50 | Computer Name = **-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.35 für die Netzwerkkarte mit der Netzwerkadresse
00215D41B514 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 04.07.2009 10:10:14 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 04.07.2009 15:17:56 | Computer Name = **-PC | Source = HTTP | ID = 15016
Description =
Error - 04.07.2009 15:19:28 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 06.07.2009 14:26:39 | Computer Name = **-PC | Source = HTTP | ID = 15016
Description =
Error - 06.07.2009 14:26:44 | Computer Name = **-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.35 für die Netzwerkkarte mit der Netzwerkadresse
00215D41B514 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 06.07.2009 14:28:13 | Computer Name = **-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Ich bin's nochmal! Den vollständigen Suchlauf habe ich nun auch ausgeführt. Vielen vielen Dank schonmal Hier das Log-File: Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6686 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19048 27.05.2011 01:51:01 mbam-log-2011-05-27 (01-51-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Durchsuchte Objekte: 349516 Laufzeit: 1 Stunde(n), 29 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\**\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\AH14O66U\windows-update-sp4-kb83810-setup[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Users\**\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29\4e1187dd-12cc5991 (Trojan.Downloader) -> Quarantined and deleted successfully. c:\Users\**\AppData\Roaming\Adobe\plugs\mmc9997604.txt (Trojan.FakeMS) -> Quarantined and deleted successfully. Außerdem habe ich noch GMER durchlaufen lassen. Ich hoffe, dass die Infos zur vollständigen Diagnose meines Problems ausreichen. Ich freue mich über jede hilfreiche Antwort. Mercury Anhang 18179 |
|
29.05.2011, 10:45
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Schwarzer Bildschirm, Dateien verstecktZitat:
Bei dieser Gelegenheit auch am besten alle Toolbars deinstallieren. Erstell danach ein frisches OTL-Log und poste es: CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
29.05.2011, 19:56
| #3 |
| | Schwarzer Bildschirm, Dateien versteckt Herzlichen Dank für die schnelle Antwort.
__________________Ich warte auf neue Befehle! ;-) Viele Grüße Mercury -------------- OTL-File -------------- OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.05.2011 20:00:00 - Run 3 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\**\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,51% Memory free 6,18 Gb Paging File | 4,96 Gb Available in Paging File | 80,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 282,27 Gb Total Space | 190,62 Gb Free Space | 67,53% Space Free | Partition Type: NTFS Drive D: | 15,81 Gb Total Space | 4,26 Gb Free Space | 26,96% Space Free | Partition Type: FAT32 Computer Name: **-PC | User Name: ** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\**\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\Softex\OmniPass\scureapp.exe () PRC - C:\Programme\Softex\OmniPass\opvapp.exe () PRC - C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) ========== Modules (SafeList) ========== MOD - C:\Users\**\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\KC\AppData\Local\Temp\cpes_clean_launcher.exe () O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [msnmsgr] File not found O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\**\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\**\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\AutoRun\command - "" = jdhc2x2.com O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\explore\Command - "" = jdhc2x2.com O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\open\Command - "" = jdhc2x2.com O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vsmon - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.29 19:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles [2011.05.28 12:07:38 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Local\Buhl Data Service [2011.05.28 12:07:37 | 000,000,000 | ---D | C] -- C:\Users\**\AppData\Roaming\Buhl Data Service GmbH [2011.05.27 19:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.05.27 19:05:02 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.05.27 17:50:55 | 000,100,736 | ---- | C] (GMER) -- C:\pgldqpoc.sys [2011.05.26 23:29:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe [2011.05.26 21:51:03 | 000,000,000 | -H-D | C] -- C:\Users\**\AppData\Roaming\Malwarebytes [2011.05.26 21:50:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.26 21:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.26 21:50:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.05.26 21:50:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.26 21:50:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.26 12:12:41 | 000,000,000 | -H-D | C] -- C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.29 19:56:18 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DED8CED-791A-45C1-9746-788654B34E0F}.job [2011.05.29 19:54:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.29 19:53:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.29 19:53:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.29 19:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.29 19:53:45 | 3215,859,712 | -HS- | M] () -- C:\hiberfil.sys [2011.05.29 19:46:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.29 19:37:14 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.28 12:36:15 | 334,339,017 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.05.28 11:58:50 | 000,000,760 | -H-- | M] () -- C:\Users\**\Documents\Meine freigegebenen Ordner.lnk [2011.05.28 11:54:54 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2011.05.27 19:05:43 | 000,007,233 | ---- | M] () -- C:\Users\**\Desktop\Gmer.zip [2011.05.27 19:04:50 | 001,110,476 | ---- | M] () -- C:\Users\**\Desktop\7z920.exe [2011.05.27 17:50:55 | 000,100,736 | ---- | M] (GMER) -- C:\pgldqpoc.sys [2011.05.27 17:44:20 | 000,302,080 | ---- | M] () -- C:\Users\**\Desktop\qvq6xx08.exe [2011.05.26 23:29:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\**\Desktop\OTL.exe [2011.05.26 23:25:02 | 000,026,897 | ---- | M] () -- C:\Users\**\Desktop\85104-otl-otlogfile-oldtimer.html [2011.05.26 22:05:31 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.26 21:29:21 | 000,000,371 | -H-- | M] () -- C:\Users\KC\Documents\Bilder - Verknüpfung.lnk [2011.05.26 13:07:04 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.05.26 12:59:46 | 000,001,905 | -H-- | M] () -- C:\Windows\diagwrn.xml [2011.05.26 12:59:46 | 000,001,905 | -H-- | M] () -- C:\Windows\diagerr.xml [2011.05.26 12:13:12 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~40165112r [2011.05.26 12:13:12 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~40165112 [2011.05.26 12:12:53 | 000,000,599 | -H-- | M] () -- C:\Users\**\Desktop\Windows Vista Recovery.lnk [2011.05.26 12:12:05 | 000,000,336 | -H-- | M] () -- C:\ProgramData\40165112 [2011.05.26 11:07:17 | 000,629,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.26 11:07:17 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.26 11:07:17 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.26 11:07:17 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.07 11:27:26 | 001,663,352 | -H-- | M] () -- C:\Users\**\Desktop\TECOSIM_Job_KO_Berechnungsingenieur.pdf [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.27 19:05:43 | 000,007,233 | ---- | C] () -- C:\Users\**\Desktop\Gmer.zip [2011.05.27 19:04:46 | 001,110,476 | ---- | C] () -- C:\Users\**\Desktop\7z920.exe [2011.05.27 17:44:16 | 000,302,080 | ---- | C] () -- C:\Users\**\Desktop\qvq6xx08.exe [2011.05.26 23:25:01 | 000,026,897 | ---- | C] () -- C:\Users\**\Desktop\85104-otl-otlogfile-oldtimer.html [2011.05.26 22:57:20 | 3215,859,712 | -HS- | C] () -- C:\hiberfil.sys [2011.05.26 22:05:31 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.26 21:29:21 | 000,000,371 | -H-- | C] () -- C:\Users\**\Documents\Bilder - Verknüpfung.lnk [2011.05.26 12:59:26 | 000,001,905 | -H-- | C] () -- C:\Windows\diagwrn.xml [2011.05.26 12:59:26 | 000,001,905 | -H-- | C] () -- C:\Windows\diagerr.xml [2011.05.26 12:13:12 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~40165112r [2011.05.26 12:13:12 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~40165112 [2011.05.26 12:12:53 | 000,000,599 | -H-- | C] () -- C:\Users\**\Desktop\Windows Vista Recovery.lnk [2011.05.26 12:12:05 | 000,000,336 | -H-- | C] () -- C:\ProgramData\40165112 [2011.05.07 11:27:26 | 001,663,352 | -H-- | C] () -- C:\Users\**\Desktop\TECOSIM_Job_KO_Berechnungsingenieur.pdf [2011.04.13 16:11:47 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Programme\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Programme\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Programme\openofficeorg1.cab [2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini [2010.07.22 08:21:37 | 000,000,680 | -H-- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2009.09.17 20:13:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 20:13:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.17 20:12:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.04 13:14:44 | 000,106,496 | -H-- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.04 13:14:29 | 000,024,206 | -H-- | C] () -- C:\Users\**\AppData\Roaming\UserTile.png [2008.09.30 16:46:42 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.09.30 13:55:26 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.09.30 13:16:02 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.09.30 13:16:01 | 000,629,186 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.09.30 13:16:01 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.09.30 13:16:01 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.09.30 05:04:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll [2008.09.30 04:09:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.09.30 03:57:16 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.09.30 03:57:16 | 000,172,033 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.09.30 03:57:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.09.30 03:57:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.09.30 03:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.09.30 03:21:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.12.21 16:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,349,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,596,440 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2011.05.28 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Buhl Data Service GmbH [2010.08.04 08:16:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\CheckPoint [2011.04.13 14:05:03 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org [2011.05.07 00:21:37 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\SoftGrid Client [2011.01.30 15:24:28 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\TP [2009.04.09 12:36:02 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Windows Live Writer [2011.05.29 19:46:20 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.29 19:56:18 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5DED8CED-791A-45C1-9746-788654B34E0F}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.26 12:02:34 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Adobe [2009.01.03 20:12:46 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\ATI [2010.11.07 10:40:08 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Avira [2011.05.28 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Buhl Data Service GmbH [2010.08.04 08:16:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\CheckPoint [2009.08.16 19:02:49 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\CyberLink [2011.05.26 21:21:58 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\dvdcss [2009.01.04 15:13:29 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Google [2009.01.03 20:12:18 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Identities [2010.01.26 09:57:32 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\InstallShield [2009.01.04 15:18:04 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Macromedia [2011.05.26 21:51:03 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Media Center Programs [2011.04.15 15:47:26 | 000,000,000 | --SD | M] -- C:\Users\**\AppData\Roaming\Microsoft [2009.01.04 13:07:49 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Nero [2011.04.13 14:05:03 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org [2011.05.29 19:55:42 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Skype [2011.05.26 12:35:41 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\skypePM [2011.05.07 00:21:37 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\SoftGrid Client [2011.01.30 15:24:28 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\TP [2011.05.26 21:22:00 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\vlc [2009.04.09 12:36:02 | 000,000,000 | -H-D | M] -- C:\Users\**\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2009.09.10 18:51:03 | 000,010,752 | RH-- | M] () -- C:\Users\**\AppData\Roaming\Microsoft\Installer\{10EDB0DE-46F8-4723-BA6D-4E0D51EA58C5}\Icon10EDB0DE.exe [2009.09.10 18:51:03 | 000,017,408 | RH-- | M] () -- C:\Users\**\AppData\Roaming\Microsoft\Installer\{10EDB0DE-46F8-4723-BA6D-4E0D51EA58C5}\Icon10EDB0DE2.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.08.18 12:13:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.08.18 12:13:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.08.18 12:13:54 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll < > < End of report > |
|
30.05.2011, 09:30
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Bildschirm, Dateien versteckt Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\AutoRun\command - "" = jdhc2x2.com
O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\explore\Command - "" = jdhc2x2.com
O33 - MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\Shell\open\Command - "" = jdhc2x2.com
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.05.2011, 11:28
| #5 |
| | Schwarzer Bildschirm, Dateien versteckt Hallo Arne! Der OTL Fix ging unerwartet schnell. Ich hoffe, ich habe alles richtig gemacht. Gruß Mercury ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. D:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1eaa1-8825-11de-8c59-001060d122ed}\ not found. File jdhc2x2.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1eaa1-8825-11de-8c59-001060d122ed}\ not found. File jdhc2x2.com not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8e1eaa1-8825-11de-8c59-001060d122ed}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8e1eaa1-8825-11de-8c59-001060d122ed}\ not found. File jdhc2x2.com not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.23.0 log created on 05302011_122319 |
|
30.05.2011, 13:32
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Bildschirm, Dateien versteckt Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> Schwarzer Bildschirm, Dateien versteckt |
|
30.05.2011, 18:24
| #7 |
| | Schwarzer Bildschirm, Dateien versteckt Hallo Arne! Kaspersky hat keine infizierten Objekte gefunden. Das sieht schonmal sehr gut aus: 2011/05/30 19:13:39.0519 2904 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24 2011/05/30 19:13:39.0566 2904 ================================================================================ 2011/05/30 19:13:39.0566 2904 SystemInfo: 2011/05/30 19:13:39.0566 2904 2011/05/30 19:13:39.0566 2904 OS Version: 6.0.6002 ServicePack: 2.0 2011/05/30 19:13:39.0566 2904 Product type: Workstation 2011/05/30 19:13:39.0566 2904 ComputerName: **-PC 2011/05/30 19:13:39.0566 2904 UserName: ** 2011/05/30 19:13:39.0566 2904 Windows directory: C:\Windows 2011/05/30 19:13:39.0566 2904 System windows directory: C:\Windows 2011/05/30 19:13:39.0566 2904 Processor architecture: Intel x86 2011/05/30 19:13:39.0566 2904 Number of processors: 2 2011/05/30 19:13:39.0566 2904 Page size: 0x1000 2011/05/30 19:13:39.0566 2904 Boot type: Normal boot 2011/05/30 19:13:39.0566 2904 ================================================================================ 2011/05/30 19:13:41.0079 2904 Initialize success 2011/05/30 19:13:46.0570 3008 ================================================================================ 2011/05/30 19:13:46.0570 3008 Scan started 2011/05/30 19:13:46.0570 3008 Mode: Manual; 2011/05/30 19:13:46.0570 3008 ================================================================================ 2011/05/30 19:13:47.0350 3008 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/05/30 19:13:47.0459 3008 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/05/30 19:13:47.0506 3008 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/05/30 19:13:47.0537 3008 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/05/30 19:13:47.0584 3008 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/05/30 19:13:47.0647 3008 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/05/30 19:13:47.0693 3008 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/05/30 19:13:47.0725 3008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/05/30 19:13:47.0771 3008 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/05/30 19:13:47.0803 3008 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/05/30 19:13:47.0818 3008 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/05/30 19:13:47.0849 3008 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/05/30 19:13:47.0896 3008 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/05/30 19:13:47.0990 3008 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/05/30 19:13:48.0052 3008 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/05/30 19:13:48.0115 3008 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/30 19:13:48.0146 3008 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/05/30 19:13:48.0286 3008 atikmdag (bc3ef1d5aced536b5046eeb8aeb6daae) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/05/30 19:13:48.0442 3008 ATSWPDRV (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys 2011/05/30 19:13:48.0536 3008 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/05/30 19:13:48.0629 3008 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/30 19:13:48.0661 3008 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/30 19:13:48.0707 3008 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/05/30 19:13:48.0754 3008 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/05/30 19:13:48.0801 3008 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/30 19:13:48.0848 3008 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/05/30 19:13:48.0863 3008 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/05/30 19:13:48.0926 3008 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/05/30 19:13:48.0973 3008 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/05/30 19:13:49.0004 3008 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/05/30 19:13:49.0051 3008 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/05/30 19:13:49.0082 3008 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/05/30 19:13:49.0129 3008 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/05/30 19:13:49.0175 3008 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/05/30 19:13:49.0222 3008 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys 2011/05/30 19:13:49.0253 3008 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys 2011/05/30 19:13:49.0285 3008 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/30 19:13:49.0331 3008 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/30 19:13:49.0378 3008 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/05/30 19:13:49.0425 3008 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/05/30 19:13:49.0503 3008 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/30 19:13:49.0550 3008 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/05/30 19:13:49.0597 3008 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/30 19:13:49.0612 3008 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/05/30 19:13:49.0643 3008 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/05/30 19:13:49.0721 3008 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys 2011/05/30 19:13:49.0768 3008 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/05/30 19:13:49.0862 3008 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/05/30 19:13:49.0909 3008 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys 2011/05/30 19:13:50.0033 3008 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/05/30 19:13:50.0205 3008 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/30 19:13:50.0314 3008 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/05/30 19:13:50.0377 3008 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/05/30 19:13:50.0501 3008 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/05/30 19:13:50.0564 3008 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/05/30 19:13:50.0642 3008 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/05/30 19:13:50.0720 3008 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/05/30 19:13:50.0751 3008 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/30 19:13:50.0813 3008 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/05/30 19:13:50.0845 3008 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/05/30 19:13:50.0938 3008 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/30 19:13:50.0985 3008 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/05/30 19:13:51.0079 3008 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/30 19:13:51.0110 3008 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/05/30 19:13:51.0203 3008 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 2011/05/30 19:13:51.0250 3008 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/30 19:13:51.0313 3008 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/05/30 19:13:51.0344 3008 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/05/30 19:13:51.0406 3008 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/30 19:13:51.0453 3008 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/05/30 19:13:51.0625 3008 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/05/30 19:13:51.0656 3008 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/05/30 19:13:51.0687 3008 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/30 19:13:51.0718 3008 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/05/30 19:13:51.0765 3008 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/05/30 19:13:51.0921 3008 IntcAzAudAddService (f3005ab264de5a56774e115729d50335) C:\Windows\system32\drivers\RTKVHDA.sys 2011/05/30 19:13:52.0046 3008 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/05/30 19:13:52.0093 3008 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/30 19:13:52.0139 3008 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/30 19:13:52.0217 3008 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/05/30 19:13:52.0342 3008 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/05/30 19:13:52.0373 3008 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/05/30 19:13:52.0405 3008 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/05/30 19:13:52.0514 3008 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/30 19:13:52.0545 3008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/05/30 19:13:52.0592 3008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/05/30 19:13:52.0639 3008 JRAID (edd98815d445e6a42a60815173bf4afa) C:\Windows\system32\DRIVERS\jraid.sys 2011/05/30 19:13:52.0670 3008 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/30 19:13:52.0717 3008 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 2011/05/30 19:13:52.0779 3008 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/30 19:13:52.0841 3008 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/30 19:13:52.0888 3008 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/05/30 19:13:52.0919 3008 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/05/30 19:13:52.0951 3008 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/05/30 19:13:53.0013 3008 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/05/30 19:13:53.0091 3008 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/05/30 19:13:53.0153 3008 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/05/30 19:13:53.0216 3008 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/05/30 19:13:53.0294 3008 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/30 19:13:53.0309 3008 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/30 19:13:53.0341 3008 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/30 19:13:53.0372 3008 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/05/30 19:13:53.0419 3008 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/05/30 19:13:53.0450 3008 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/30 19:13:53.0512 3008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/05/30 19:13:53.0575 3008 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/30 19:13:53.0653 3008 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/30 19:13:53.0715 3008 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/30 19:13:53.0731 3008 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/30 19:13:53.0777 3008 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/05/30 19:13:53.0855 3008 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/05/30 19:13:53.0887 3008 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/05/30 19:13:53.0949 3008 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/05/30 19:13:54.0011 3008 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/30 19:13:54.0058 3008 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/30 19:13:54.0089 3008 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/05/30 19:13:54.0152 3008 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/05/30 19:13:54.0183 3008 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/30 19:13:54.0245 3008 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/05/30 19:13:54.0308 3008 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/05/30 19:13:54.0355 3008 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/30 19:13:54.0433 3008 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/05/30 19:13:54.0495 3008 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/30 19:13:54.0526 3008 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/30 19:13:54.0557 3008 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/30 19:13:54.0589 3008 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/05/30 19:13:54.0651 3008 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/30 19:13:54.0698 3008 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/30 19:13:54.0854 3008 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/05/30 19:13:54.0994 3008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/05/30 19:13:55.0041 3008 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/05/30 19:13:55.0088 3008 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/30 19:13:55.0197 3008 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/05/30 19:13:55.0244 3008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/05/30 19:13:55.0275 3008 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/05/30 19:13:55.0306 3008 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/05/30 19:13:55.0337 3008 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/05/30 19:13:55.0369 3008 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/05/30 19:13:55.0493 3008 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 2011/05/30 19:13:55.0540 3008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/05/30 19:13:55.0587 3008 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/05/30 19:13:55.0603 3008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/05/30 19:13:55.0681 3008 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/05/30 19:13:55.0727 3008 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/05/30 19:13:55.0759 3008 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/05/30 19:13:55.0837 3008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/05/30 19:13:55.0930 3008 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/30 19:13:55.0961 3008 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/05/30 19:13:56.0055 3008 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/30 19:13:56.0133 3008 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/05/30 19:13:56.0211 3008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/05/30 19:13:56.0242 3008 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/30 19:13:56.0273 3008 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/30 19:13:56.0305 3008 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/30 19:13:56.0351 3008 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/30 19:13:56.0398 3008 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/30 19:13:56.0445 3008 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/30 19:13:56.0476 3008 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/30 19:13:56.0523 3008 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/05/30 19:13:56.0539 3008 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/30 19:13:56.0585 3008 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/05/30 19:13:56.0695 3008 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/05/30 19:13:56.0851 3008 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/30 19:13:56.0929 3008 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/05/30 19:13:56.0975 3008 RTSTOR (4f31cfdebd0a5bc27d45e7ebfefaaf6f) C:\Windows\system32\drivers\RTSTOR.SYS 2011/05/30 19:13:57.0007 3008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/05/30 19:13:57.0053 3008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/05/30 19:13:57.0100 3008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/05/30 19:13:57.0131 3008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/05/30 19:13:57.0163 3008 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/05/30 19:13:57.0209 3008 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/05/30 19:13:57.0241 3008 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/30 19:13:57.0272 3008 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/30 19:13:57.0303 3008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/05/30 19:13:57.0365 3008 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys 2011/05/30 19:13:57.0428 3008 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys 2011/05/30 19:13:57.0459 3008 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys 2011/05/30 19:13:57.0490 3008 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys 2011/05/30 19:13:57.0537 3008 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/05/30 19:13:57.0553 3008 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/05/30 19:13:57.0584 3008 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/05/30 19:13:57.0631 3008 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/05/30 19:13:57.0662 3008 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/05/30 19:13:57.0724 3008 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/05/30 19:13:57.0771 3008 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/30 19:13:57.0802 3008 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/30 19:13:57.0818 3008 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/05/30 19:13:57.0880 3008 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/30 19:13:57.0911 3008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/05/30 19:13:57.0943 3008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/05/30 19:13:57.0974 3008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/05/30 19:13:58.0036 3008 SynTP (4351ec1757f4bec35f635f6ac995c060) C:\Windows\system32\DRIVERS\SynTP.sys 2011/05/30 19:13:58.0114 3008 Tcpip (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\drivers\tcpip.sys 2011/05/30 19:13:58.0192 3008 Tcpip6 (6a10afce0b38371064be41c1fbfd3c6b) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/30 19:13:58.0208 3008 tcpipreg (9bf343f4c878d6ad6922b2c5a4fefe0d) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/30 19:13:58.0255 3008 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/05/30 19:13:58.0301 3008 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/05/30 19:13:58.0333 3008 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/30 19:13:58.0364 3008 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/30 19:13:58.0426 3008 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys 2011/05/30 19:13:58.0457 3008 tosrfbd (cd6e9c27adc6b37b0b3df29cc83e15a7) C:\Windows\system32\DRIVERS\tosrfbd.sys 2011/05/30 19:13:58.0473 3008 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys 2011/05/30 19:13:58.0520 3008 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\Windows\system32\Drivers\tosrfcom.sys 2011/05/30 19:13:58.0551 3008 Tosrfhid (d3f87c46c7c9e5db99fbd3d17121b891) C:\Windows\system32\DRIVERS\Tosrfhid.sys 2011/05/30 19:13:58.0582 3008 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys 2011/05/30 19:13:58.0613 3008 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\Windows\system32\drivers\tosrfsnd.sys 2011/05/30 19:13:58.0629 3008 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys 2011/05/30 19:13:58.0707 3008 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/30 19:13:58.0738 3008 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/05/30 19:13:58.0769 3008 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/30 19:13:58.0816 3008 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/05/30 19:13:58.0863 3008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/30 19:13:58.0910 3008 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/30 19:13:58.0941 3008 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/05/30 19:13:58.0988 3008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/05/30 19:13:59.0019 3008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/05/30 19:13:59.0066 3008 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/30 19:13:59.0097 3008 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/30 19:13:59.0128 3008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/05/30 19:13:59.0191 3008 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/30 19:13:59.0222 3008 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/30 19:13:59.0269 3008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/05/30 19:13:59.0300 3008 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2011/05/30 19:13:59.0331 3008 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/30 19:13:59.0362 3008 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/30 19:13:59.0409 3008 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/05/30 19:13:59.0471 3008 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/30 19:13:59.0487 3008 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/05/30 19:13:59.0534 3008 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/05/30 19:13:59.0565 3008 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/05/30 19:13:59.0612 3008 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/05/30 19:13:59.0643 3008 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/05/30 19:13:59.0674 3008 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/05/30 19:13:59.0721 3008 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/05/30 19:13:59.0768 3008 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/05/30 19:13:59.0830 3008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/05/30 19:13:59.0877 3008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/30 19:13:59.0908 3008 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/30 19:13:59.0955 3008 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/05/30 19:14:00.0002 3008 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/30 19:14:00.0158 3008 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 2011/05/30 19:14:00.0220 3008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/05/30 19:14:00.0267 3008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/30 19:14:00.0314 3008 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/30 19:14:00.0376 3008 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/05/30 19:14:00.0392 3008 ================================================================================ 2011/05/30 19:14:00.0392 3008 Scan finished 2011/05/30 19:14:00.0392 3008 ================================================================================ 2011/05/30 19:14:00.0392 1968 Detected object count: 0 2011/05/30 19:14:00.0392 1968 Actual detected object count: 0 |
|
30.05.2011, 18:29
| #8 |
| | Schwarzer Bildschirm, Dateien versteckt Unhide.exe hat meine persönlichen Daten auch wieder vollständig sichtbar gemacht. Allerdings fehlen noch ein paar Verlinkungen auf dem Desktop (Arbeitsplatz, Papierkorb,...) und die Icons in der Fußzeile links neben dem Start Button. Außerdem ist mein noch Hintergrund komplett schwarz. Ich bin aber schonmal sehr, sehr erleichtert, dass alle meine Daten wieder da sind! ;-) Ganz herzlichen Dank dafür. Mercury |
|
30.05.2011, 19:26
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Bildschirm, Dateien versteckt Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2011, 20:07
| #10 |
| | Schwarzer Bildschirm, Dateien versteckt Done!!! Combofix Logfile: Code:
ATTFilter ComboFix 11-05-30.04 - ** 30.05.2011 20:35:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1903 [GMT 2:00]
ausgeführt von:: c:\users\**\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\users\**\AppData\Roaming\Adobe\plugs
c:\users\**\AppData\Roaming\Adobe\shed
c:\users\**\AppData\Roaming\Adobe\shed\thr1.chm
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-30 ))))))))))))))))))))))))))))))
.
.
2011-05-30 18:42 . 2011-05-30 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 18:31 . 2011-05-30 18:32 -------- d-----w- C:\32788R22FWJFW
2011-05-30 10:23 . 2011-05-30 10:23 -------- d-----w- C:\_OTL
2011-05-28 10:07 . 2011-05-28 10:07 -------- d-----w- c:\users\**\AppData\Local\Buhl Data Service
2011-05-28 10:07 . 2011-05-28 10:07 -------- d-----w- c:\users\**\AppData\Roaming\Buhl Data Service GmbH
2011-05-27 17:05 . 2011-05-27 17:05 -------- d-----w- c:\program files\7-Zip
2011-05-27 15:50 . 2011-05-27 15:50 100736 ----a-w- C:\pgldqpoc.sys
2011-05-26 19:51 . 2011-05-26 19:51 -------- d-----w- c:\users\**\AppData\Roaming\Malwarebytes
2011-05-26 19:50 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-26 19:50 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 19:50 . 2011-05-26 20:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-19 21:43 . 2011-05-19 21:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 07:05 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 11:58 . 2010-07-01 17:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 12:17 . 2009-06-28 17:14 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 10:08 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-12 21:00 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-12 21:00 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-12 21:00 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 10:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 10:08 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 10:08 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 10:08 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 10:08 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-12 21:00 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-12 21:00 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-01-19 11:34 . 2011-01-19 11:34 3003392 ----a-w- c:\program files\openofficeorg33.msi
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-24 6298144]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-08-05 2666496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-04 1033512]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-05 30192]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca1e91e080bf4a;Google Update Service (gupdate1ca1e91e080bf4a);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-05 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 133104]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 16:51]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-16 16:51]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{5DED8CED-791A-45C1-9746-788654B34E0F}.job
- c:\windows\system32\msfeedssync.exe [2011-04-12 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-30 20:42
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{024df4c0-d370-4740-8d0b-448f3acaebc9}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{38d5588b-72b0-47c5-8033-febb4f4ae021}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:17000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{715cd67b-515c-4107-8e11-5c0e05c8e017}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:17000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8c6b6d97-6173-4b9d-b858-a87426eda3b2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1d020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9fa0e3fd-d6d1-4262-bf61-eb83f3276f05}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14001060
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ae3bf138-64e4-481f-888a-61a9de656fb6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a0040d0
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c58c93a5-8400-42d1-9808-812d4bee057d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001060
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d77176ae-80da-4224-89dc-3ce0ef2eb4ad}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d959d73b-3262-4772-ae14-19f93b9d4b32}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:130016ea
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{db28065a-7bbb-428d-8d68-55c23449e42a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:1e00059a
"Dhcpv6State"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-30 20:57:51
ComboFix-quarantined-files.txt 2011-05-30 18:57
.
Vor Suchlauf: 10 Verzeichnis(se), 203.601.199.104 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 206.054.838.272 Bytes frei
.
- - End Of File - - 17A06037C483BDB94B9B94EE8E0B2531
|
|
02.06.2011, 20:49
| #11 |
| | Schwarzer Bildschirm, Dateien versteckt Hallo Arne! Mein AntiVirenProgramm findet nach wie vor unerwünschte Objekte/Dateien. Traue mich zur Zeit nicht, meinen Rechner normal zu benutzen. Wie soll ich nun weiter verfahren? Viele Grüße Mercury |
|
03.06.2011, 10:54
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Bildschirm, Dateien verstecktZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.06.2011, 14:20
| #13 |
| | Schwarzer Bildschirm, Dateien versteckt Hi! Was hat denn der Scan von Cofi ergeben? Sieht das OK aus? Viele Grüße Mercury Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 2. Juni 2011 20:06 Es wird nach 2707846 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : **-PC Versionsinformationen: BUILD.DAT : 10.0.0.648 31823 Bytes 01.04.2011 18:23:00 AVSCAN.EXE : 10.0.4.2 442024 Bytes 03.05.2011 10:16:46 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 11:42:16 LUKE.DLL : 10.0.3.2 104296 Bytes 11.12.2010 22:40:45 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:58:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:39:27 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 20:59:01 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 20:51:55 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 22:55:27 VBASE005.VDF : 7.11.8.179 2048 Bytes 31.05.2011 22:55:27 VBASE006.VDF : 7.11.8.180 2048 Bytes 31.05.2011 22:55:27 VBASE007.VDF : 7.11.8.181 2048 Bytes 31.05.2011 22:55:27 VBASE008.VDF : 7.11.8.182 2048 Bytes 31.05.2011 22:55:27 VBASE009.VDF : 7.11.8.183 2048 Bytes 31.05.2011 22:55:27 VBASE010.VDF : 7.11.8.184 2048 Bytes 31.05.2011 22:55:27 VBASE011.VDF : 7.11.8.185 2048 Bytes 31.05.2011 22:55:27 VBASE012.VDF : 7.11.8.186 2048 Bytes 31.05.2011 22:55:27 VBASE013.VDF : 7.11.8.222 121856 Bytes 02.06.2011 18:04:55 VBASE014.VDF : 7.11.8.223 2048 Bytes 02.06.2011 18:04:56 VBASE015.VDF : 7.11.8.224 2048 Bytes 02.06.2011 18:04:56 VBASE016.VDF : 7.11.8.225 2048 Bytes 02.06.2011 18:04:57 VBASE017.VDF : 7.11.8.226 2048 Bytes 02.06.2011 18:04:57 VBASE018.VDF : 7.11.8.227 2048 Bytes 02.06.2011 18:04:57 VBASE019.VDF : 7.11.8.228 2048 Bytes 02.06.2011 18:04:58 VBASE020.VDF : 7.11.8.229 2048 Bytes 02.06.2011 18:05:00 VBASE021.VDF : 7.11.8.230 2048 Bytes 02.06.2011 18:05:00 VBASE022.VDF : 7.11.8.231 2048 Bytes 02.06.2011 18:05:01 VBASE023.VDF : 7.11.8.232 2048 Bytes 02.06.2011 18:05:01 VBASE024.VDF : 7.11.8.233 2048 Bytes 02.06.2011 18:05:02 VBASE025.VDF : 7.11.8.234 2048 Bytes 02.06.2011 18:05:02 VBASE026.VDF : 7.11.8.235 2048 Bytes 02.06.2011 18:05:02 VBASE027.VDF : 7.11.8.236 2048 Bytes 02.06.2011 18:05:02 VBASE028.VDF : 7.11.8.237 2048 Bytes 02.06.2011 18:05:02 VBASE029.VDF : 7.11.8.238 2048 Bytes 02.06.2011 18:05:02 VBASE030.VDF : 7.11.8.239 2048 Bytes 02.06.2011 18:05:03 VBASE031.VDF : 7.11.8.246 34304 Bytes 02.06.2011 18:05:05 Engineversion : 8.2.5.12 AEVDF.DLL : 8.1.2.1 106868 Bytes 10.11.2010 09:04:19 AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 27.05.2011 06:24:42 AESCN.DLL : 8.1.7.2 127349 Bytes 28.11.2010 18:54:51 AESBX.DLL : 8.2.1.34 323957 Bytes 02.06.2011 18:06:20 AERDL.DLL : 8.1.9.9 639347 Bytes 30.03.2011 12:17:01 AEPACK.DLL : 8.2.6.8 557430 Bytes 26.05.2011 10:07:42 AEOFFICE.DLL : 8.1.1.25 205178 Bytes 02.06.2011 18:06:12 AEHEUR.DLL : 8.1.2.123 3502456 Bytes 02.06.2011 18:06:10 AEHELP.DLL : 8.1.17.2 246135 Bytes 26.05.2011 10:07:39 AEGEN.DLL : 8.1.5.6 401780 Bytes 26.05.2011 10:07:38 AEEMU.DLL : 8.1.3.0 393589 Bytes 28.11.2010 18:54:48 AECORE.DLL : 8.1.21.1 196983 Bytes 26.05.2011 10:07:38 AEBB.DLL : 8.1.1.0 53618 Bytes 10.11.2010 09:04:19 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 11:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 11:59:07 AVREP.DLL : 10.0.0.10 174120 Bytes 26.05.2011 10:07:43 AVREG.DLL : 10.0.3.2 53096 Bytes 10.11.2010 09:04:19 AVSCPLR.DLL : 10.0.4.2 84840 Bytes 03.05.2011 10:16:46 AVARKT.DLL : 10.0.22.6 231784 Bytes 11.12.2010 22:40:44 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 09:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 15:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 14:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 10.11.2010 09:04:19 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Q:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Donnerstag, 2. Juni 2011 20:06 Der Suchlauf nach versteckten Objekten wird begonnen. c:\windows\system32\logonui.exe c:\windows\system32\logonui.exe [HINWEIS] Der Prozess ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'DllHost.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '169' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtProc.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'tosOBEX.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'TosAVRC.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'NMIndexingService.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtHsp.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtHid.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'TosA2dp.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtMng.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'ISUSPM.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'NMIndexStoreSvr.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'opvapp.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'AdobeARM.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleDesktop.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVDServ.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'scureapp.exe' - '94' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'ItSecMng.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'TosBtSrv.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'PSIService.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'IoctlSvc.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'NBService.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'OmniServ.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'Q:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '382' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <BOOT> C:\Users\**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\4d7d421f-55974b3e [0] Archivtyp: ZIP [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2711 --> google/jora.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.2711 --> google/kopler.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.16518 --> google/maria.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.600 --> google/opeltur.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.1281 --> google/psalero.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.1151 C:\Users\**\Desktop\cofi.exe [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [0] Archivtyp: NSIS --> ProgramFilesDir/handle.cfxxe [1] Archivtyp: RSRC --> Object [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen Beginne mit der Suche in 'D:\' <RECOVER> Beginne mit der Suche in 'Q:\' Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden! Systemfehler [5]: Zugriff verweigert Beginne mit der Desinfektion: C:\Users\**\Desktop\cofi.exe [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [WARNUNG] Fehler in der ARK Library [WARNUNG] Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Zugriff verweigert C:\Users\**\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\4d7d421f-55974b3e [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.1151 [WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [WARNUNG] Fehler in der ARK Library [WARNUNG] Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden. Mögliche Ursache: Zugriff verweigert Die Reparaturanweisungen wurden in die Datei 'C:\avrescue\rescue.avp' geschrieben. Ende des Suchlaufs: Donnerstag, 2. Juni 2011 21:36 Benötigte Zeit: 1:28:53 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 30558 Verzeichnisse wurden überprüft 692089 Dateien wurden geprüft 6 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 692083 Dateien ohne Befall 5963 Archive wurden durchsucht 2 Warnungen 1 Hinweise 644321 Objekte wurden beim Rootkitscan durchsucht 1 Versteckte Objekte wurden gefunden |
|
03.06.2011, 19:01
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Schwarzer Bildschirm, Dateien verstecktZitat:
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.06.2011, 19:48
| #15 |
| | Schwarzer Bildschirm, Dateien versteckt Hallo Arne! Danke dir! Hab mir schon sowas gedacht. Ich habe nun OSAM ausgeführt. GMER hat nicht funktioniert. Hier das Log-File: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 20:40:37 on 03.06.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\KC\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "pgldqpoc" (pgldqpoc) - ? - C:\Users\KC\AppData\Local\Temp\pgldqpoc.sys (Hidden registry entry, rootkit activity | File not found) "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? - (File not found | COM-object registry key not found) {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? - (File not found | COM-object registry key not found) {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? - (File not found | COM-object registry key not found) {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) {00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found) <binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START "JMB36X IDE Setup" - ? - C:\Windows\RaidTool\xInsIDE.exe (File found, but it contains no detailed information) "LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe "RemoteControl" - "Cyberlink Corp." - "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe" "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\2.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll (File found, but it contains no detailed information) "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Update Service (gupdate1ca1e91e080bf4a)" (gupdate1ca1e91e080bf4a) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe "TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe ===[ Logfile end ]=========================================[ Logfile end ]=== |
|
| Themen zu Schwarzer Bildschirm, Dateien versteckt |
| antivir, autorun, avira, bho, bildschirm, checkpoint, conduit, dateien versteckt, document, ebay, error, excel.exe, firefox, flash player, geld, google, google chrome, home, iexplore.exe, install.exe, installation, intranet, logfile, microsoft office word, mozilla, msvcr80.dll, office 2007, oldtimer, plug-in, realtek, registry, sched.exe, schwarzer bildschirm, security, security update, senden, shell32.dll, software, start menu, svchost.exe, trojan.fakems, trojaner, usb 2.0, vista |
Textbox.
.
Linear-Darstellung
