Log analysis and evaluation: "Windows Security Center" service cannot be enabled (Windows 7)
15.06.2011, 21:38 | #1 |
"Windows Security Center" service cannot be enabled

Hello, since yesterday (at least I had not noticed it before), the Security Center service can no longer be started. In addition, system backup/restore and MS Security Essentials (the window opens briefly and then disappears again) do not work. The service is disabled; if I try to enable it and start it manually, it is stopped and disabled again a short time later. I have had the system scanned with both Anti-Malware and MS Safety Scanner, but with no positive result. This behaviour seems rather strange to me. Attached is the otl.txt; perhaps there is something interesting in it. Thanks and regards.

Code:
OTL logfile created on: 15.06.2011 22:12:24 - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\chi\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 76,95% Memory free
6,00 Gb Paging File | 4,60 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 23,27 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 858,27 Gb Total Space | 82,86 Gb Free Space | 9,65% Space Free | Partition Type: NTFS
Drive E: | 833,85 Gb Total Space | 48,11 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive M: | 3,72 Gb Total Space | 1,16 Gb Free Space | 31,34% Space Free | Partition Type: FAT32
Drive Y: | 73,14 Gb Total Space | 73,04 Gb Free Space | 99,86% Space Free | Partition Type: NTFS

Computer Name: STATIC | User Name: chi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.15 16:49:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
PRC - [2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.06.17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.03.13 03:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe

========== Modules (SafeList) ==========

MOD - [2011.06.15 16:49:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.05.16 18:35:14 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.09.28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.21 22:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.11.04 13:13:24 | 000,840,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UDXTTM6010.sys -- (UDXTTM6010)
DRV:64bit: - [2009.11.04 13:13:24 | 000,026,688 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Cinergy_Hybrid-Stick_HID.sys -- (TTHID)
DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.30 13:45:52 | 000,020,352 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010.12.05 15:20:38 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 C0 5D 5D 68 2B CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.6
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: linkgopher@oooninja.com:1.3.2
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0\components [2011.03.23 18:46:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0\plugins [2011.03.14 11:55:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.30 01:59:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.03.14 11:55:40 | 000,000,000 | ---D | M]
[2011.01.21 17:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chi\AppData\Roaming\mozilla\Extensions
[2009.10.02 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.31 00:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chi\AppData\Roaming\mozilla\Firefox\Profiles\jn1rmkw8.default\extensions
[2011.05.31 00:28:02 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\chi\AppData\Roaming\mozilla\Firefox\Profiles\jn1rmkw8.default\extensions\foxmarks@kei.com
[2011.01.21 17:36:36 | 000,000,000 | ---D | M] (Link Gopher) -- C:\Users\chi\AppData\Roaming\mozilla\Firefox\Profiles\jn1rmkw8.default\extensions\linkgopher@oooninja.com
[2010.08.03 10:39:56 | 000,001,660 | ---- | M] () -- C:\Users\chi\AppData\Roaming\Mozilla\Firefox\Profiles\jn1rmkw8.default\searchplugins\leo-deu-eng.xml
[2009.10.11 22:18:05 | 000,001,340 | ---- | M] () -- C:\Users\chi\AppData\Roaming\Mozilla\Firefox\Profiles\jn1rmkw8.default\searchplugins\wikipedia-en.xml
File not found (No name found) --
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\IZER@CAMELCAMELCAMEL.COM.XPI
() (No name found) -- C:\USERS\CHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JN1RMKW8.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - Startup: C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell - "" = AutoRun
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011.06.15 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2011.06.15 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Cleaner Pro
[2011.06.15 20:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Cleaner Pro
[2011.06.15 20:53:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.15 20:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.06.15 20:16:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.06.15 17:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.06.15 17:22:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.06.15 16:49:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
[2011.06.15 16:33:07 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.15 16:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.15 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.15 15:53:35 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\ElevatedDiagnostics
[2011.06.15 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\VSRevoGroup
[2011.06.15 00:40:37 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Malwarebytes
[2011.06.15 00:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.15 00:40:29 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.14 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\FFSJ
[2011.06.12 23:18:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader_nightly
[2011.06.11 12:31:08 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\MediaMonkey
[2011.06.10 17:08:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server
[2011.06.10 17:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2011.06.10 17:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2011.06.10 17:08:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2011.06.10 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.06.10 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011.06.10 17:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2011.06.10 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK - Deutsch
[2011.06.10 17:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2011.06.10 17:04:23 | 000,000,000 | ---D | C] -- C:\Programme\IIS
[2011.06.10 17:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2011.06.10 17:03:46 | 000,000,000 | ---D | C] -- C:\Users\chi\Documents\Visual Studio 2008
[2011.06.10 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2011.06.10 16:59:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.06.10 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2011.06.10 16:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011.06.10 16:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011.06.10 16:56:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2011.06.10 16:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.06.09 16:18:38 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.06.09 16:18:38 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.06.09 11:40:17 | 000,000,000 | ---D | C] -- C:\Users\chi\Desktop\Sprachverarbeitung
[2011.06.08 14:34:55 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.4
[2011.06.08 14:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.4
[2011.06.08 14:13:18 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.07 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\2DBoy
[2011.06.07 20:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011.06.07 19:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011.06.07 19:16:55 | 000,000,000 | ---D | C] -- C:\Programme\VirtualBox
[2011.06.04 01:21:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Xbox 360 Accessories
[2011.06.04 01:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2011.05.31 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CCP
[2011.05.31 18:06:05 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\CCP
[2011.05.31 00:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011.05.31 00:28:38 | 000,000,000 | ---D | C] -- C:\Users\chi\SystemRequirementsLab
[2011.05.31 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\chi\Documents\Witcher 2
[2011.05.31 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Local\The Witcher 2
[2011.05.31 00:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2011.05.30 20:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.05.29 23:14:42 | 000,000,000 | ---D | C] -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.15 22:08:58 | 000,000,000 | ---- | M] () -- C:\Users\chi\defogger_reenable
[2011.06.15 22:06:40 | 000,050,477 | ---- | M] () -- C:\Users\chi\Desktop\Defogger.exe
[2011.06.15 22:05:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-902355652-2286816670-1636548934-1000UA.job
[2011.06.15 21:21:02 | 000,015,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.15 21:21:02 | 000,015,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.15 21:18:10 | 001,649,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.15 21:18:10 | 000,709,520 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.15 21:18:10 | 000,663,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.15 21:18:10 | 000,154,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.15 21:18:10 | 000,126,228 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.15 21:13:58 | 000,000,300 | -HS- | M] () -- C:\Windows\tasks\ZGCKQH.job
[2011.06.15 21:13:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.15 21:13:52 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.15 17:23:06 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.06.15 17:22:51 | 001,670,878 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.15 16:49:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\chi\Desktop\OTL.exe
[2011.06.15 15:05:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-902355652-2286816670-1636548934-1000Core.job
[2011.06.14 22:07:54 | 000,299,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.14 13:33:25 | 000,112,128 | RHS- | M] () -- C:\Windows\SysWow64\fingers.dll
[2011.06.02 20:36:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.06.01 16:41:52 | 000,000,158 | ---- | M] () -- C:\Windows\matlab.ini
[2011.05.30 16:20:02 | 000,000,959 | ---- | M] () -- C:\Users\chi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.25 09:25:27 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.05.25 09:25:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.05.25 09:25:23 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.15 22:08:58 | 000,000,000 | ---- | C] () -- C:\Users\chi\defogger_reenable
[2011.06.15 22:06:40 | 000,050,477 | ---- | C] () -- C:\Users\chi\Desktop\Defogger.exe
[2011.06.15 17:22:45 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.06.14 13:33:25 | 000,112,128 | RHS- | C] () -- C:\Windows\SysWow64\fingers.dll
[2011.06.14 13:33:25 | 000,000,300 | -HS- | C] () -- C:\Windows\tasks\ZGCKQH.job
[2011.06.02 20:36:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2011.04.12 19:40:31 | 000,000,337 | ---- | C] () -- C:\Users\chi\AppData\Local\Perfmon.PerfmonCfg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.21 13:46:52 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011.01.14 21:05:37 | 000,099,548 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.07 00:16:03 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.11 01:06:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 10:47:52 | 000,000,091 | ---- | C] () -- C:\Users\chi\AppData\Local\fusioncache.dat
[2010.10.16 19:20:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.14 07:59:20 | 001,670,878 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.03 16:34:06 | 000,007,605 | ---- | C] () -- C:\Users\chi\AppData\Local\Resmon.ResmonCfg
[2010.10.02 15:06:08 | 000,000,158 | ---- | C] () -- C:\Windows\matlab.ini
[2010.10.02 13:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.02.09 22:57:02 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\.kde
[2011.04.15 00:01:50 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\.minecraft
[2011.03.18 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\.purple
[2010.10.31 14:43:48 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\benibela
[2011.04.03 22:26:47 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\calibre
[2011.02.13 00:48:34 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\CDisplayEx
[2011.06.15 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Dropbox
[2011.06.14 20:45:00 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\FFSJ
[2011.06.08 13:23:04 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\foobar2000
[2010.10.15 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\InfraRecorder
[2011.02.09 22:30:32 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\KDE
[2011.06.08 14:37:32 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\LibreOffice
[2010.10.04 12:23:56 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Miranda
[2011.02.22 00:11:57 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Mp3tag
[2010.12.22 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Notepad++
[2010.10.02 19:35:38 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\SumatraPDF
[2011.06.15 22:10:41 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\TeraCopy
[2010.10.24 19:55:48 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\TerraTec
[2010.10.02 16:38:48 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Thunderbird
[2011.04.10 12:07:27 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\Unity
[2011.06.15 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\VSRevoGroup
[2011.03.13 19:00:40 | 000,000,000 | ---D | M] -- C:\Users\chi\AppData\Roaming\xm1
[2011.02.06 11:54:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.15 21:13:58 | 000,000,300 | -HS- | M] () -- C:\Windows\Tasks\ZGCKQH.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.
> [2011.06.15 13:53:40 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.06.15 21:13:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.02 13:59:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.06.15 17:22:43 | 000,000,000 | R--D | M] -- C:\Programme [2011.06.15 21:06:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.15 20:16:46 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.02 13:59:03 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.02 13:59:03 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.06.15 13:12:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.06.15 21:20:17 | 000,000,000 | R--D | M] -- C:\Users [2011.06.15 21:13:55 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) 
MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 
000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 
000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime 
/rs > < End of report > |
16.06.2011, 11:06 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The "Windows Security Center" service cannot be activated Please post all logs from Malwarebytes. Possibly no "effective" scan was run with Malwarebytes.
16.06.2011, 14:28 | #3 |
| The "Windows Security Center" service cannot be activated Attached is the log file.
Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6862
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
15.06.2011 17:39:47
mbam-log-2011-06-15 (17-39-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|Y:\|)
Durchsuchte Objekte: 883462
Laufzeit: 1 Stunde(n), 3 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
16.06.2011, 14:59 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The "Windows Security Center" service cannot be activated Did you run only one scan with Malwarebytes, or several?
__________________ Please always post log files in CODE tags |
16.06.2011, 15:01 | #5 |
| The "Windows Security Center" service cannot be activated I ran another one this afternoon, but it is identical apart from the date and time. |
16.06.2011, 15:05 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The "Windows Security Center" service cannot be activated Do an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell - "" = AutoRun
O33 - MountPoints2\{c86ee0ac-cf8d-11df-add0-00218519f580}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.14 13:33:25 | 000,112,128 | RHS- | C] () -- C:\Windows\SysWow64\fingers.dll
[2011.06.14 13:33:25 | 000,000,300 | -HS- | C] () -- C:\Windows\tasks\ZGCKQH.job
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Afterwards, please make OTL's quarantine folder available to us. Please proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on
16.06.2011, 15:13 | #7 |
| The "Windows Security Center" service cannot be activated Thanks, but what exactly does the OTL fix do, and where can I find information about it? |
16.06.2011, 15:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The "Windows Security Center" service cannot be activated The entries listed there are fixed/deleted.
16.06.2011, 16:01 | #9 |
| The "Windows Security Center" service cannot be activated Great, after the fix and a restart everything seems to be working. Both MSE and the Security Center service can be started. The data has been uploaded. But what was the cause of the problem? |
16.06.2011, 19:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The "Windows Security Center" service cannot be activated Well, what do you think the cause was? Analysis of the file C:\Windows\SysWow64\fingers.dll => VirusTotal - Free Online Virus, Malware and URL Scanner. It appears to be new, fairly unknown malware. I have sent the file to all the scanner vendors known to us so that they can quickly develop matching signatures for it. Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
16.06.2011, 20:06 | #11 |
| The "Windows Security Center" service cannot be activated
Code:
ATTFilter 2011/06/16 21:02:36.0531 2156 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15 2011/06/16 21:02:36.0797 2156 ================================================================================ 2011/06/16 21:02:36.0797 2156 SystemInfo: 2011/06/16 21:02:36.0797 2156 2011/06/16 21:02:36.0797 2156 OS Version: 6.1.7601 ServicePack: 1.0 2011/06/16 21:02:36.0797 2156 Product type: Workstation 2011/06/16 21:02:36.0797 2156 ComputerName: STATIC 2011/06/16 21:02:36.0797 2156 UserName: chi 2011/06/16 21:02:36.0797 2156 Windows directory: C:\Windows 2011/06/16 21:02:36.0797 2156 System windows directory: C:\Windows 2011/06/16 21:02:36.0797 2156 Running under WOW64 2011/06/16 21:02:36.0797 2156 Processor architecture: Intel x64 2011/06/16 21:02:36.0797 2156 Number of processors: 2 2011/06/16 21:02:36.0797 2156 Page size: 0x1000 2011/06/16 21:02:36.0797 2156 Boot type: Normal boot 2011/06/16 21:02:36.0797 2156 ================================================================================ 2011/06/16 21:02:37.0928 2156 Initialize success 2011/06/16 21:03:20.0134 0336 ================================================================================ 2011/06/16 21:03:20.0134 0336 Scan started 2011/06/16 21:03:20.0134 0336 Mode: Manual; 2011/06/16 21:03:20.0134 0336 ================================================================================ 2011/06/16 21:03:21.0211 0336 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 2011/06/16 21:03:21.0242 0336 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 2011/06/16 21:03:21.0258 0336 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 2011/06/16 21:03:21.0320 0336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/06/16 21:03:21.0351 0336 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/06/16 21:03:21.0382 0336 adpu320 (e109549c90f62fb570b9540c4b148e54) 
C:\Windows\system32\DRIVERS\adpu320.sys 2011/06/16 21:03:21.0429 0336 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 2011/06/16 21:03:21.0460 0336 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 2011/06/16 21:03:21.0492 0336 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 2011/06/16 21:03:21.0507 0336 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 2011/06/16 21:03:21.0523 0336 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/06/16 21:03:21.0554 0336 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/06/16 21:03:21.0585 0336 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 2011/06/16 21:03:21.0601 0336 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/06/16 21:03:21.0632 0336 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 2011/06/16 21:03:21.0663 0336 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 2011/06/16 21:03:21.0710 0336 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/06/16 21:03:21.0726 0336 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/06/16 21:03:21.0772 0336 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/06/16 21:03:21.0804 0336 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 2011/06/16 21:03:22.0038 0336 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/06/16 21:03:22.0147 0336 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/06/16 21:03:22.0178 0336 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/06/16 21:03:22.0225 0336 Beep (16a47ce2decc9b099349a5f840654746) 
C:\Windows\system32\drivers\Beep.sys 2011/06/16 21:03:22.0256 0336 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/06/16 21:03:22.0303 0336 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 2011/06/16 21:03:22.0318 0336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/06/16 21:03:22.0350 0336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/06/16 21:03:22.0396 0336 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 2011/06/16 21:03:22.0428 0336 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 2011/06/16 21:03:22.0459 0336 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/06/16 21:03:22.0474 0336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/06/16 21:03:22.0506 0336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/06/16 21:03:22.0521 0336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/06/16 21:03:22.0537 0336 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/06/16 21:03:22.0568 0336 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/06/16 21:03:22.0615 0336 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 2011/06/16 21:03:22.0646 0336 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/06/16 21:03:22.0677 0336 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/06/16 21:03:22.0724 0336 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/06/16 21:03:22.0755 0336 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 2011/06/16 21:03:22.0802 0336 CNG 
(d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 2011/06/16 21:03:22.0818 0336 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/06/16 21:03:22.0849 0336 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 2011/06/16 21:03:22.0880 0336 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/06/16 21:03:22.0927 0336 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 2011/06/16 21:03:22.0974 0336 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 2011/06/16 21:03:22.0989 0336 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/06/16 21:03:23.0005 0336 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/06/16 21:03:23.0067 0336 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/06/16 21:03:23.0098 0336 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 2011/06/16 21:03:23.0176 0336 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/06/16 21:03:23.0254 0336 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/06/16 21:03:23.0270 0336 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/06/16 21:03:23.0301 0336 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 2011/06/16 21:03:23.0332 0336 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/06/16 21:03:23.0348 0336 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/06/16 21:03:23.0379 0336 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/06/16 21:03:23.0410 0336 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/06/16 21:03:23.0426 
0336 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/06/16 21:03:23.0457 0336 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/06/16 21:03:23.0504 0336 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 2011/06/16 21:03:23.0535 0336 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/06/16 21:03:23.0551 0336 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/06/16 21:03:23.0598 0336 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/06/16 21:03:23.0629 0336 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/06/16 21:03:23.0660 0336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/06/16 21:03:23.0691 0336 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/06/16 21:03:23.0738 0336 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 2011/06/16 21:03:23.0785 0336 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 2011/06/16 21:03:23.0800 0336 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/06/16 21:03:23.0832 0336 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/06/16 21:03:23.0847 0336 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/06/16 21:03:23.0878 0336 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 2011/06/16 21:03:23.0910 0336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 2011/06/16 21:03:23.0956 0336 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys 2011/06/16 21:03:23.0988 0336 htcnprot (b8b1b284362e1d8135112573395d5da5) 
C:\Windows\system32\DRIVERS\htcnprot.sys
2011/06/16 21:03:30.0337 0336 ================================================================================
2011/06/16 21:03:30.0337 0336 Scan finished
2011/06/16 21:03:30.0337 0336 ================================================================================
2011/06/16 21:03:30.0352 1324 Detected object count: 0
2011/06/16 21:03:30.0352 1324 Actual detected object count: 0 |
16.06.2011, 20:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | "Windows Security Center" service cannot be enabled
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
16.06.2011, 20:34 | #13 |
| "Windows Security Center" service cannot be enabled Combofix Logfile: Code:
ComboFix 11-06-15.04 - chi 16.06.2011 21:19:37.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6143.3593 [GMT 2:00]
ausgeführt von:: c:\users\chi\Desktop\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
Zeit der Fertigstellung: 2011-06-16 21:29:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-16 19:29
.
Vor Suchlauf: 7 Verzeichnis(se), 22.161.883.136 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 22.699.429.888 Bytes frei
.
- - End Of File - - 37B6680C12496AA110464223F98CA1A2 |
16.06.2011, 21:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The "Windows Security Center" service cannot be activated Please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
16.06.2011, 21:33 | #15 |
| The "Windows Security Center" service cannot be activated Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7519
Logical Drives Mask: 0x01000f7c

Kernel Drivers (total 191):
0x02E05000 \SystemRoot\system32\ntoskrnl.exe
0x033EE000 \SystemRoot\system32\hal.dll
0x00BC7000 \SystemRoot\system32\kdcom.dll
0x00C4F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C9E000 \SystemRoot\system32\PSHED.dll
0x00CB2000 \SystemRoot\system32\CLFS.SYS
0x00D10000 \SystemRoot\system32\CI.dll
0x00E48000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EEC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EFB000 \SystemRoot\system32\drivers\ACPI.sys
0x00F52000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F5B000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F65000 \SystemRoot\system32\drivers\pci.sys
0x00F98000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FA5000 \SystemRoot\System32\drivers\partmgr.sys
0x00FBA000 \SystemRoot\system32\drivers\volmgr.sys
0x010B2000 \SystemRoot\System32\drivers\volmgrx.sys
0x0110E000 \SystemRoot\system32\drivers\pciide.sys
0x01115000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x01125000 \SystemRoot\System32\drivers\mountmgr.sys
0x0113F000 \SystemRoot\system32\drivers\vmbus.sys
0x0117B000 \SystemRoot\system32\drivers\winhv.sys
0x0118F000 \SystemRoot\system32\drivers\atapi.sys
0x01198000 \SystemRoot\system32\drivers\ataport.SYS
0x011C2000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01496000 \SystemRoot\System32\Drivers\msrpc.sys
0x014F4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0150F000 \SystemRoot\System32\Drivers\cng.sys
0x01581000 \SystemRoot\System32\drivers\pcw.sys
0x01592000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01679000 \SystemRoot\system32\drivers\ndis.sys
0x0176C000 \SystemRoot\system32\drivers\NETIO.SYS
0x017CC000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x018EB000 \SystemRoot\System32\drivers\tcpip.sys
0x01AEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01B39000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01B49000 \SystemRoot\system32\drivers\volsnap.sys
0x01B95000 \SystemRoot\System32\Drivers\spldr.sys
0x01B9D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01BD7000 \SystemRoot\System32\Drivers\mup.sys
0x01BE9000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01800000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0183A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01850000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01880000 \SystemRoot\system32\drivers\cdrom.sys
0x018AA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x018DB000 \SystemRoot\System32\Drivers\Null.SYS
0x018E4000 \SystemRoot\System32\Drivers\Beep.SYS
0x01BF2000 \SystemRoot\System32\drivers\vga.sys
0x01600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01625000 \SystemRoot\System32\drivers\watchdog.sys
0x01635000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0163E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01647000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01650000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0165B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0159C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0166C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01400000 \SystemRoot\system32\drivers\afd.sys
0x013AC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x017F7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x015BE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x015D4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x015E3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01489000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x01060000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x01097000 \SystemRoot\system32\drivers\termdd.sys
0x02EAD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02EFE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02F0A000 \SystemRoot\system32\drivers\mssmbios.sys
0x02F15000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x02F20000 \SystemRoot\System32\drivers\discache.sys
0x02F2F000 \SystemRoot\system32\drivers\csc.sys
0x02FB2000 \SystemRoot\System32\Drivers\dfsc.sys
0x02FD0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02E26000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F2F0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FF9E000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x03CA3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03D97000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03DDD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C67000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0FFA3000 \SystemRoot\system32\DRIVERS\parport.sys
0x03C8B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03DEA000 \SystemRoot\system32\drivers\CompositeBus.sys
0x0FFC0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0FFD6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0F200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0F20C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0F23B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F256000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0F277000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03DFA000 \SystemRoot\system32\DRIVERS\vHidDev.sys
0x0F291000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03C98000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0F2AA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0F2B5000 \SystemRoot\system32\drivers\kbdclass.sys
0x0F2C4000 \SystemRoot\system32\drivers\mouclass.sys
0x0F2D3000 \SystemRoot\system32\DRIVERS\VClone.sys
0x02E3C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x02E6B000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x03CA1000 \SystemRoot\system32\drivers\swenum.sys
0x00E00000 \SystemRoot\system32\drivers\ks.sys
0x02E95000 \SystemRoot\system32\drivers\umbus.sys
0x04288000 \SystemRoot\system32\drivers\usbhub.sys
0x042E2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x042F7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04304000 \SystemRoot\system32\drivers\kbdhid.sys
0x04C39000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04E86000 \SystemRoot\system32\drivers\portcls.sys
0x04EC3000 \SystemRoot\system32\drivers\drmk.sys
0x04EE5000 \SystemRoot\system32\drivers\ksthunk.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x04EEB000 \SystemRoot\System32\drivers\Dxapi.sys
0x04EF7000 \SystemRoot\system32\drivers\usbccgp.sys
0x04F14000 \SystemRoot\system32\drivers\USBD.SYS
0x04F16000 \SystemRoot\system32\drivers\Lycosa.sys
0x04F1B000 \SystemRoot\system32\drivers\hidusb.sys
0x04F29000 \SystemRoot\system32\DRIVERS\monitor.sys
0x04312000 \SystemRoot\system32\DRIVERS\netr28ux.sys
0x04F37000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04F44000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x00510000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x04F5F000 \SystemRoot\system32\drivers\luafv.sys
0x04F82000 \SystemRoot\system32\drivers\WudfPf.sys
0x04FA3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04C00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05829000 \SystemRoot\system32\drivers\HTTP.sys
0x058F2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05910000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05928000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05955000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x059A3000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x059C7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05E74000 \SystemRoot\system32\drivers\peauth.sys
0x05F1A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05F25000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05F56000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05F68000 \??\C:\Users\chi\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
0x05F6F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x062A7000 \SystemRoot\System32\DRIVERS\srv.sys
0x0633F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x063E1000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x063EC000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x008F0000 \SystemRoot\System32\ATMFD.DLL
0x76F90000 \Windows\System32\ntdll.dll
0x47FB0000 \Windows\System32\smss.exe
0xFF2B0000 \Windows\System32\apisetschema.dll
0xFFD70000 \Windows\System32\autochk.exe
0xFF040000 \Windows\System32\iertutil.dll
0xFEF70000 \Windows\System32\usp10.dll
0xFEE40000 \Windows\System32\rpcrt4.dll
0xFEE10000 \Windows\System32\imm32.dll
0xFED90000 \Windows\System32\difxapi.dll
0xFECB0000 \Windows\System32\oleaut32.dll
0xFEC60000 \Windows\System32\ws2_32.dll
0xFEC50000 \Windows\System32\nsi.dll
0xFEAD0000 \Windows\System32\urlmon.dll
0xFEAB0000 \Windows\System32\sechost.dll
0xFEAA0000 \Windows\System32\lpk.dll
0xFE970000 \Windows\System32\wininet.dll
0x76E70000 \Windows\System32\kernel32.dll
0xFE890000 \Windows\System32\advapi32.dll
0xFE680000 \Windows\System32\ole32.dll
0xFE5E0000 \Windows\System32\comdlg32.dll
0xFE580000 \Windows\System32\Wldap32.dll
0xFE4E0000 \Windows\System32\clbcatq.dll
0xFE4C0000 \Windows\System32\imagehlp.dll
0xFE2E0000 \Windows\System32\setupapi.dll
0xFE1D0000 \Windows\System32\msctf.dll
0x76D70000 \Windows\System32\user32.dll
0xFD440000 \Windows\System32\shell32.dll
0x77160000 \Windows\System32\psapi.dll
0x77150000 \Windows\System32\normaliz.dll
0xFD3D0000 \Windows\System32\gdi32.dll
0xFD330000 \Windows\System32\msvcrt.dll
0xFD2B0000 \Windows\System32\shlwapi.dll
0xFD210000 \Windows\System32\comctl32.dll
0xFD1F0000 \Windows\System32\devobj.dll
0xFD180000 \Windows\System32\KernelBase.dll
0xFD010000 \Windows\System32\crypt32.dll
0xFCFD0000 \Windows\System32\cfgmgr32.dll
0xFCF90000 \Windows\System32\wintrust.dll
0xFCF80000 \Windows\System32\msasn1.dll

Processes (total 49):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
468 csrss.exe
536 C:\Windows\System32\wininit.exe
552 csrss.exe
588 C:\Windows\System32\services.exe
604 C:\Windows\System32\lsass.exe
612 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
776 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\nvvsvc.exe
880 C:\Windows\System32\svchost.exe
972 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
284 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1252 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1268 C:\Windows\System32\nvvsvc.exe
1296 C:\Windows\System32\svchost.exe
1500 C:\Windows\System32\taskeng.exe
1512 C:\Windows\System32\spoolsv.exe
1556 C:\Windows\System32\svchost.exe
1588 C:\Windows\System32\rundll32.exe
1700 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1796 C:\Windows\System32\taskhost.exe
1952 C:\Windows\System32\dwm.exe
1980 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2020 C:\Windows\System32\svchost.exe
1656 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2032 C:\Windows\explorer.exe
2140 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3008 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1768 WUDFHost.exe
2096 C:\Windows\System32\svchost.exe
2596 C:\Program Files\Microsoft Security Client\msseces.exe
2656 C:\Program Files\Windows Sidebar\sidebar.exe
2716 C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
2720 C:\Program Files (x86)\Everything\Everything.exe
808 C:\Users\chi\AppData\Roaming\Dropbox\bin\Dropbox.exe
2132 C:\Program Files\Windows Media Player\wmpnetwk.exe
2264 WmiPrvSE.exe
3548 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2580 C:\Windows\System32\audiodg.exe
1536 WmiPrvSE.exe
3688 C:\Users\chi\Desktop\MBRCheck.exe
1712 C:\Windows\System32\conhost.exe
1248 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000012`4f900000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`6a000000 (NTFS)
\\.\Y: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103SJ, Rev: 1AJ10001
PhysicalDrive1 Model Number: SAMSUNGHD103SJ, Rev: 1AJ100E4

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done! |