| |
| |||||||
Log-Analyse und Auswertung: Desktop.iniWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.09.2011, 18:10
| #1 |
 |  Desktop.ini Hallo zusammen, bei mir öffnet sich seit neuestem nach dem Systemstart immer eine Desktop.ini mit folgendem Inhalt: [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787 Habe sie schon aus dem Autostart-Ordner gelöscht, sie kommt jedoch immer wieder. Avira hatte beim letzten Suchlauf 2 Viren gefunden und entfernt. Der Report sah so aus: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Montag, 26. September 2011 08:43 Es wird nach 3412251 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : STEFAN-PC Versionsinformationen: BUILD.DAT : 10.2.0.700 35934 Bytes 21.07.2011 16:49:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 21.07.2011 10:08:11 AVSCAN.DLL : 10.0.5.0 57192 Bytes 21.07.2011 10:10:57 LUKE.DLL : 10.3.0.5 45416 Bytes 21.07.2011 10:09:32 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21.07.2011 10:08:11 AVREG.DLL : 10.3.0.9 90472 Bytes 21.07.2011 10:08:05 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 10:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 05:52:59 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 05:53:00 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 10:10:02 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:10:06 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 10:10:07 VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 18:02:09 VBASE007.VDF : 7.11.13.61 2048 Bytes 16.08.2011 18:02:09 VBASE008.VDF : 7.11.13.62 2048 Bytes 16.08.2011 18:02:10 VBASE009.VDF : 7.11.13.63 2048 Bytes 16.08.2011 18:02:11 VBASE010.VDF : 7.11.13.64 2048 Bytes 16.08.2011 18:02:12 VBASE011.VDF : 7.11.13.65 2048 Bytes 16.08.2011 18:02:12 VBASE012.VDF : 7.11.13.66 2048 Bytes 16.08.2011 18:02:12 VBASE013.VDF : 7.11.13.95 166400 Bytes 17.08.2011 18:02:19 VBASE014.VDF : 7.11.13.125 209920 Bytes 18.08.2011 18:02:26 VBASE015.VDF : 7.11.13.157 184832 Bytes 22.08.2011 18:02:30 VBASE016.VDF : 7.11.13.201 128000 Bytes 24.08.2011 18:02:40 VBASE017.VDF : 7.11.13.234 160768 Bytes 25.08.2011 18:02:45 VBASE018.VDF : 7.11.14.16 141312 Bytes 30.08.2011 20:38:05 VBASE019.VDF : 7.11.14.48 133120 Bytes 31.08.2011 20:38:06 VBASE020.VDF : 7.11.14.78 156160 Bytes 02.09.2011 18:05:07 VBASE021.VDF : 7.11.14.109 126976 Bytes 06.09.2011 18:05:07 VBASE022.VDF : 7.11.14.137 131584 Bytes 08.09.2011 18:05:08 VBASE023.VDF : 7.11.14.166 196096 Bytes 12.09.2011 21:02:53 VBASE024.VDF : 7.11.14.193 184832 Bytes 14.09.2011 21:02:53 VBASE025.VDF : 7.11.14.215 125952 Bytes 16.09.2011 21:02:53 VBASE026.VDF : 7.11.14.239 231936 Bytes 20.09.2011 09:13:34 VBASE027.VDF : 7.11.15.22 203776 Bytes 23.09.2011 09:13:34 VBASE028.VDF : 7.11.15.23 2048 Bytes 23.09.2011 09:13:34 VBASE029.VDF : 7.11.15.24 2048 Bytes 23.09.2011 09:13:34 VBASE030.VDF : 7.11.15.25 2048 Bytes 23.09.2011 09:13:34 VBASE031.VDF : 7.11.15.29 35840 Bytes 23.09.2011 09:13:35 Engineversion : 8.2.6.68 AEVDF.DLL : 8.1.2.1 106868 Bytes 21.04.2011 05:52:30 AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 26.08.2011 18:04:34 AESCN.DLL : 8.1.7.2 127349 Bytes 21.04.2011 05:52:28 AESBX.DLL : 8.2.1.34 323957 Bytes 21.07.2011 10:07:25 AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 18:05:18 AEPACK.DLL : 8.2.10.11 684408 Bytes 24.09.2011 09:13:41 AEOFFICE.DLL : 8.1.2.15 201083 Bytes 16.09.2011 21:02:57 AEHEUR.DLL : 8.1.2.172 3711352 Bytes 24.09.2011 09:13:40 AEHELP.DLL : 8.1.17.7 254327 Bytes 26.08.2011 18:03:06 AEGEN.DLL : 8.1.5.9 401780 Bytes 26.08.2011 18:03:03 AEEMU.DLL : 8.1.3.0 393589 Bytes 21.04.2011 05:52:17 AECORE.DLL : 8.1.23.0 196983 Bytes 26.08.2011 18:02:57 AEBB.DLL : 8.1.1.0 53618 Bytes 21.04.2011 05:52:16 AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39 AVPREF.DLL : 10.0.3.2 44904 Bytes 21.07.2011 10:08:05 AVREP.DLL : 10.0.0.10 174120 Bytes 21.07.2011 10:08:06 AVARKT.DLL : 10.0.26.1 255336 Bytes 21.07.2011 10:07:41 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21.07.2011 10:07:59 SQLITE3.DLL : 3.6.19.0 355688 Bytes 21.07.2011 13:12:30 AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 05:52:38 NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 05:52:50 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21.07.2011 10:11:03 RCTEXT.DLL : 10.0.64.0 98664 Bytes 21.07.2011 10:11:03 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, F:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 26. September 2011 08:43 Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0015\Linkage\upperbind [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\bind [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\route [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\export [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'reader_sl.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'NMSAccessU.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '141' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <System> Beginne mit der Suche in 'E:\' <OS> E:\hiberfil.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! E:\Users\Stefan Schäfer\AppData\Local\Mozilla\Firefox\Profiles\gru48oqn.default\Cache\8\42\C1A8Bd01 [0] Archivtyp: GZ --> unkwn [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Maatboo.A E:\Users\Stefan Schäfer\AppData\Local\Mozilla\Firefox\Profiles\gru48oqn.default\Cache\8\5B\5F6ADd01 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.psaj Beginne mit der Suche in 'F:\' <RECOVERY> Beginne mit der Desinfektion: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA E:\Users\Stefan Schäfer\AppData\Local\Mozilla\Firefox\Profiles\gru48oqn.default\Cache\8\5B\5F6ADd01 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.psaj [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48679d8e.qua' verschoben! E:\Users\Stefan Schäfer\AppData\Local\Mozilla\Firefox\Profiles\gru48oqn.default\Cache\8\42\C1A8Bd01 [FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Maatboo.A [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5087b21c.qua' verschoben! Ende des Suchlaufs: Montag, 26. September 2011 10:55 Benötigte Zeit: 1:48:34 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 62026 Verzeichnisse wurden überprüft 1203986 Dateien wurden geprüft 2 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 1203983 Dateien ohne Befall 9577 Archive wurden durchsucht 1 Warnungen 6 Hinweise 430040 Objekte wurden beim Rootkitscan durchsucht 4 Versteckte Objekte wurden gefunden Mein Logfile mit HijackThis gibt folgendes wieder: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:02:16, on 26.09.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe E:\Stefans Dateien\Divers\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pcspezialist.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: dldt_device - Unknown owner - C:\Windows\system32\dldtcoms.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8020 bytes Wäre super, wenn sich das mal einer anschauen könnte. Ich befürchte, dass immer noch ein Virus oder Trojaner im System hängt! Gruß Schludde |
|
26.09.2011, 20:24
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Desktop.ini Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
__________________ |
|
27.09.2011, 07:40
| #3 |
| | Desktop.ini Hallo Cosinus,
__________________alles gemacht: Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Und: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=5a17fdd59795eb4399e3ca7c5e51ac8e # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-27 01:40:28 # local_time=2011-09-27 03:40:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 48636 53599813 118862 0 # compatibility_mode=5893 16776573 100 94 11220 68697800 0 0 # compatibility_mode=8192 67108863 100 0 118 118 0 0 # scanned=474134 # found=0 # cleaned=0 # scan_time=19678 Danke fürs anschauen! Gruß Schludde |
|
27.09.2011, 11:17
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop.ini Unvollständige Logs sind völlig sinnfrei. Poste alle Logs bitte NUR VOLLSTÄNDIG.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.09.2011, 11:35
| #5 |
| | Desktop.ini Sorry, neuer Versuch: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7802 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 27.09.2011 00:52:18 mbam-log-2011-09-27 (00-52-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|) Durchsuchte Objekte: 656305 Laufzeit: 2 Stunde(n), 15 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Und: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=5a17fdd59795eb4399e3ca7c5e51ac8e # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-27 01:40:28 # local_time=2011-09-27 03:40:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 48636 53599813 118862 0 # compatibility_mode=5893 16776573 100 94 11220 68697800 0 0 # compatibility_mode=8192 67108863 100 0 118 118 0 0 # scanned=474134 # found=0 # cleaned=0 # scan_time=19678 Hoffe, es ist alles da! Gruß Stefan |
|
27.09.2011, 11:46
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop.ini CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Desktop.ini |
|
27.09.2011, 13:44
| #7 |
| | Desktop.ini Et voilá!OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.09.2011 14:16:25 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Stefan\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,71% Memory free 15,95 Gb Paging File | 14,24 Gb Available in Paging File | 89,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 4,30 Gb Free Space | 7,71% Space Free | Partition Type: NTFS Drive E: | 581,09 Gb Total Space | 137,93 Gb Free Space | 23,74% Space Free | Partition Type: NTFS Drive F: | 15,00 Gb Total Space | 8,87 Gb Free Space | 59,11% Space Free | Partition Type: NTFS Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.27 14:14:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe PRC - [2011.09.26 08:42:01 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.26 20:24:50 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ========== Modules (No Company Name) ========== MOD - [2011.09.26 08:42:01 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2011.09.26 08:42:01 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2011.09.26 08:42:01 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2011.09.26 08:42:01 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2011.09.26 08:42:01 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.09 18:48:34 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldtcoms.exe -- (dldt_device) SRV - [2011.09.26 08:42:01 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.27 17:17:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.08.27 17:17:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.06.17 01:10:20 | 000,310,576 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2011.06.10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.06.10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.05.10 11:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.10.26 05:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pcspezialist.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 43 86 71 48 63 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.11 09:42:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.26 19:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions [2011.08.26 20:06:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\bj7vjznd.default\extensions [2011.08.26 19:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.09.11 09:42:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3BF5A73-166B-4905-90D0-61C777ED132D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.27 14:14:45 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2011.09.27 08:43:37 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2011.09.26 22:06:09 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2011.09.26 22:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.26 22:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.26 22:06:01 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.26 17:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.09.25 09:08:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\My Games [2011.09.25 09:04:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2011.09.25 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011.09.25 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games [2011.09.17 09:09:47 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Kalypso Media [2011.09.02 21:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.09.02 21:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.08.31 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\ANNO 1404 Venedig [2011.08.28 21:53:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games ========== Files - Modified Within 30 Days ========== [2011.09.27 14:14:46 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2011.09.27 12:30:16 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2011.09.27 08:50:32 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.27 08:50:32 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.27 08:50:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.27 08:50:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.27 08:50:20 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.27 08:50:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.27 08:50:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.27 08:43:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.27 08:43:20 | 2129,297,407 | -HS- | M] () -- C:\hiberfil.sys [2011.09.26 22:06:04 | 000,000,620 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.26 19:01:26 | 000,001,152 | ---- | M] () -- C:\Users\Stefan\Desktop\HiJackThis204.exe - Verknüpfung.lnk [2011.09.26 18:59:40 | 000,000,730 | ---- | M] () -- C:\Users\Stefan\Desktop\Stefans Dateien - Verknüpfung.lnk [2011.09.26 17:52:04 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.09.16 23:02:15 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011.09.26 22:06:04 | 000,000,620 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.26 19:01:35 | 000,001,152 | ---- | C] () -- C:\Users\Stefan\Desktop\HiJackThis204.exe - Verknüpfung.lnk [2011.09.26 17:52:04 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.09.02 21:40:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.09.02 21:40:25 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.08.26 11:39:05 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.08.25 15:38:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.08.25 15:38:31 | 000,025,549 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2009.07.23 16:41:04 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\dldtdrs.dll [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.05.14 13:57:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dldtcaps.dll [2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2008.01.22 02:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldtcfg.dll [2007.11.13 19:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\dldtcnv4.dll ========== LOP Check ========== [2011.09.26 17:53:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Download Manager [2011.08.27 19:56:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Kalypso Media [2011.09.27 11:27:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Tropico 4 [2011.08.27 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Ubisoft [2009.07.14 07:08:49 | 000,010,962 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.26 20:36:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe [2011.08.26 23:50:18 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Avira [2011.09.26 17:53:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Download Manager [2011.08.25 15:17:20 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities [2011.08.27 19:56:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Kalypso Media [2011.08.25 16:21:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia [2011.09.26 22:06:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs [2011.08.26 20:44:19 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft [2011.08.26 19:12:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Mozilla [2011.09.27 11:27:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Tropico 4 [2011.08.27 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Ubisoft [2011.08.27 18:05:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Bin echt gespannt! Gruß Stefan |
|
27.09.2011, 14:39
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop.ini Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2011, 15:21
| #9 |
| | Desktop.ini Hi, hier erst mal das TDSS-Log: 16:16:53.0278 4356 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43 16:16:53.0451 4356 ============================================================ 16:16:53.0451 4356 Current date / time: 2011/09/27 16:16:53.0451 16:16:53.0451 4356 SystemInfo: 16:16:53.0451 4356 16:16:53.0451 4356 OS Version: 6.1.7601 ServicePack: 1.0 16:16:53.0451 4356 Product type: Workstation 16:16:53.0451 4356 ComputerName: STEFAN-PC 16:16:53.0451 4356 UserName: Stefan 16:16:53.0451 4356 Windows directory: C:\Windows 16:16:53.0451 4356 System windows directory: C:\Windows 16:16:53.0451 4356 Running under WOW64 16:16:53.0451 4356 Processor architecture: Intel x64 16:16:53.0451 4356 Number of processors: 8 16:16:53.0451 4356 Page size: 0x1000 16:16:53.0451 4356 Boot type: Normal boot 16:16:53.0451 4356 ============================================================ 16:16:53.0833 4356 Initialize success 16:16:59.0654 4688 ============================================================ 16:16:59.0654 4688 Scan started 16:16:59.0654 4688 Mode: Manual; 16:16:59.0654 4688 ============================================================ 16:16:59.0791 4688 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 16:16:59.0792 4688 1394ohci - ok 16:16:59.0813 4688 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 16:16:59.0817 4688 ACPI - ok 16:16:59.0833 4688 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 16:16:59.0835 4688 AcpiPmi - ok 16:16:59.0859 4688 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 16:16:59.0868 4688 adp94xx - ok 16:16:59.0889 4688 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 16:16:59.0895 4688 adpahci - ok 16:16:59.0915 4688 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 16:16:59.0921 4688 adpu320 - ok 16:16:59.0943 4688 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 16:16:59.0953 4688 AFD - ok 16:16:59.0970 4688 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 16:16:59.0973 4688 agp440 - ok 16:16:59.0991 4688 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 16:16:59.0993 4688 aliide - ok 16:17:00.0008 4688 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 16:17:00.0009 4688 amdide - ok 16:17:00.0025 4688 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 16:17:00.0028 4688 AmdK8 - ok 16:17:00.0043 4688 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 16:17:00.0046 4688 AmdPPM - ok 16:17:00.0061 4688 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 16:17:00.0064 4688 amdsata - ok 16:17:00.0081 4688 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 16:17:00.0086 4688 amdsbs - ok 16:17:00.0101 4688 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 16:17:00.0102 4688 amdxata - ok 16:17:00.0120 4688 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 16:17:00.0123 4688 AppID - ok 16:17:00.0140 4688 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 16:17:00.0143 4688 arc - ok 16:17:00.0159 4688 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 16:17:00.0163 4688 arcsas - ok 16:17:00.0178 4688 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:17:00.0178 4688 AsyncMac - ok 16:17:00.0192 4688 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 16:17:00.0192 4688 atapi - ok 16:17:00.0208 4688 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys 16:17:00.0209 4688 AthBTPort - ok 16:17:00.0224 4688 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys 16:17:00.0227 4688 ATHDFU - ok 16:17:00.0246 4688 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys 16:17:00.0250 4688 atksgt - ok 16:17:00.0266 4688 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 16:17:00.0268 4688 avgntflt - ok 16:17:00.0283 4688 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 16:17:00.0286 4688 avipbb - ok 16:17:00.0307 4688 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 16:17:00.0315 4688 b06bdrv - ok 16:17:00.0334 4688 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:17:00.0341 4688 b57nd60a - ok 16:17:00.0358 4688 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:17:00.0359 4688 Beep - ok 16:17:00.0376 4688 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:17:00.0378 4688 blbdrive - ok 16:17:00.0393 4688 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 16:17:00.0396 4688 bowser - ok 16:17:00.0411 4688 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 16:17:00.0412 4688 BrFiltLo - ok 16:17:00.0426 4688 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 16:17:00.0428 4688 BrFiltUp - ok 16:17:00.0446 4688 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:17:00.0452 4688 Brserid - ok 16:17:00.0467 4688 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:17:00.0469 4688 BrSerWdm - ok 16:17:00.0481 4688 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:17:00.0483 4688 BrUsbMdm - ok 16:17:00.0494 4688 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:17:00.0496 4688 BrUsbSer - ok 16:17:00.0509 4688 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys 16:17:00.0513 4688 BTATH_A2DP - ok 16:17:00.0527 4688 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys 16:17:00.0528 4688 BTATH_BUS - ok 16:17:00.0544 4688 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys 16:17:00.0546 4688 BTATH_HCRP - ok 16:17:00.0561 4688 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys 16:17:00.0563 4688 BTATH_LWFLT - ok 16:17:00.0578 4688 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys 16:17:00.0580 4688 BTATH_RCP - ok 16:17:00.0598 4688 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys 16:17:00.0599 4688 BtFilter - ok 16:17:00.0614 4688 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 16:17:00.0617 4688 BthEnum - ok 16:17:00.0633 4688 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 16:17:00.0637 4688 BTHMODEM - ok 16:17:00.0653 4688 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 16:17:00.0653 4688 BthPan - ok 16:17:00.0673 4688 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 16:17:00.0681 4688 BTHPORT - ok 16:17:00.0697 4688 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 16:17:00.0700 4688 BTHUSB - ok 16:17:00.0715 4688 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:17:00.0719 4688 cdfs - ok 16:17:00.0734 4688 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 16:17:00.0738 4688 cdrom - ok 16:17:00.0755 4688 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 16:17:00.0758 4688 circlass - ok 16:17:00.0773 4688 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:17:00.0779 4688 CLFS - ok 16:17:00.0799 4688 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 16:17:00.0801 4688 CmBatt - ok 16:17:00.0815 4688 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 16:17:00.0817 4688 cmdide - ok 16:17:00.0838 4688 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 16:17:00.0848 4688 CNG - ok 16:17:00.0862 4688 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 16:17:00.0865 4688 Compbatt - ok 16:17:00.0879 4688 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 16:17:00.0882 4688 CompositeBus - ok 16:17:00.0897 4688 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 16:17:00.0900 4688 crcdisk - ok 16:17:00.0919 4688 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 16:17:00.0923 4688 DfsC - ok 16:17:00.0938 4688 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:17:00.0940 4688 discache - ok 16:17:00.0956 4688 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 16:17:00.0959 4688 Disk - ok 16:17:00.0975 4688 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:17:00.0977 4688 drmkaud - ok 16:17:01.0015 4688 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 16:17:01.0022 4688 DXGKrnl - ok 16:17:01.0077 4688 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 16:17:01.0115 4688 ebdrv - ok 16:17:01.0139 4688 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 16:17:01.0147 4688 elxstor - ok 16:17:01.0161 4688 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 16:17:01.0163 4688 ErrDev - ok 16:17:01.0180 4688 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:17:01.0184 4688 exfat - ok 16:17:01.0200 4688 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:17:01.0207 4688 fastfat - ok 16:17:01.0225 4688 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 16:17:01.0226 4688 fdc - ok 16:17:01.0240 4688 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:17:01.0243 4688 FileInfo - ok 16:17:01.0254 4688 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:17:01.0257 4688 Filetrace - ok 16:17:01.0268 4688 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 16:17:01.0270 4688 flpydisk - ok 16:17:01.0286 4688 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 16:17:01.0293 4688 FltMgr - ok 16:17:01.0306 4688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:17:01.0309 4688 FsDepends - ok 16:17:01.0320 4688 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 16:17:01.0322 4688 Fs_Rec - ok 16:17:01.0336 4688 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 16:17:01.0343 4688 fvevol - ok 16:17:01.0355 4688 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 16:17:01.0358 4688 gagp30kx - ok 16:17:01.0374 4688 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:17:01.0376 4688 hcw85cir - ok 16:17:01.0394 4688 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 16:17:01.0400 4688 HdAudAddService - ok 16:17:01.0417 4688 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:17:01.0417 4688 HDAudBus - ok 16:17:01.0432 4688 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 16:17:01.0434 4688 HidBatt - ok 16:17:01.0449 4688 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 16:17:01.0452 4688 HidBth - ok 16:17:01.0468 4688 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 16:17:01.0470 4688 HidIr - ok 16:17:01.0486 4688 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 16:17:01.0488 4688 HidUsb - ok 16:17:01.0505 4688 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 16:17:01.0508 4688 HpSAMD - ok 16:17:01.0532 4688 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 16:17:01.0547 4688 HTTP - ok 16:17:01.0562 4688 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 16:17:01.0563 4688 hwpolicy - ok 16:17:01.0579 4688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 16:17:01.0583 4688 i8042prt - ok 16:17:01.0601 4688 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 16:17:01.0608 4688 iaStorV - ok 16:17:01.0624 4688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 16:17:01.0626 4688 iirsp - ok 16:17:01.0666 4688 IntcAzAudAddService (dab7318ccfa8081200d5b7b486793f74) C:\Windows\system32\drivers\RTKVHD64.sys 16:17:01.0678 4688 IntcAzAudAddService - ok 16:17:01.0693 4688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 16:17:01.0695 4688 intelide - ok 16:17:01.0710 4688 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:17:01.0710 4688 intelppm - ok 16:17:01.0725 4688 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:17:01.0728 4688 IpFilterDriver - ok 16:17:01.0747 4688 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 16:17:01.0751 4688 IPMIDRV - ok 16:17:01.0768 4688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:17:01.0772 4688 IPNAT - ok 16:17:01.0787 4688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:17:01.0789 4688 IRENUM - ok 16:17:01.0803 4688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 16:17:01.0805 4688 isapnp - ok 16:17:01.0822 4688 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 16:17:01.0828 4688 iScsiPrt - ok 16:17:01.0843 4688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 16:17:01.0845 4688 kbdclass - ok 16:17:01.0861 4688 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 16:17:01.0863 4688 kbdhid - ok 16:17:01.0879 4688 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 16:17:01.0882 4688 KSecDD - ok 16:17:01.0899 4688 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 16:17:01.0904 4688 KSecPkg - ok 16:17:01.0919 4688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:17:01.0920 4688 ksthunk - ok 16:17:01.0940 4688 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys 16:17:01.0941 4688 lirsgt - ok 16:17:01.0957 4688 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:17:01.0960 4688 lltdio - ok 16:17:01.0977 4688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 16:17:01.0980 4688 LSI_FC - ok 16:17:01.0997 4688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 16:17:01.0999 4688 LSI_SAS - ok 16:17:02.0015 4688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 16:17:02.0018 4688 LSI_SAS2 - ok 16:17:02.0035 4688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 16:17:02.0038 4688 LSI_SCSI - ok 16:17:02.0055 4688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:17:02.0058 4688 luafv - ok 16:17:02.0075 4688 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 16:17:02.0076 4688 MBAMProtector - ok 16:17:02.0093 4688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 16:17:02.0095 4688 megasas - ok 16:17:02.0113 4688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 16:17:02.0119 4688 MegaSR - ok 16:17:02.0134 4688 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:17:02.0136 4688 Modem - ok 16:17:02.0151 4688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:17:02.0151 4688 monitor - ok 16:17:02.0163 4688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 16:17:02.0165 4688 mouclass - ok 16:17:02.0177 4688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:17:02.0179 4688 mouhid - ok 16:17:02.0196 4688 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 16:17:02.0200 4688 mountmgr - ok 16:17:02.0216 4688 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 16:17:02.0221 4688 mpio - ok 16:17:02.0236 4688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:17:02.0238 4688 mpsdrv - ok 16:17:02.0255 4688 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 16:17:02.0259 4688 MRxDAV - ok 16:17:02.0275 4688 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:17:02.0279 4688 mrxsmb - ok 16:17:02.0296 4688 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:17:02.0301 4688 mrxsmb10 - ok 16:17:02.0316 4688 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:17:02.0319 4688 mrxsmb20 - ok 16:17:02.0334 4688 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 16:17:02.0336 4688 msahci - ok 16:17:02.0351 4688 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 16:17:02.0355 4688 msdsm - ok 16:17:02.0372 4688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:17:02.0374 4688 Msfs - ok 16:17:02.0389 4688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:17:02.0390 4688 mshidkmdf - ok 16:17:02.0404 4688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 16:17:02.0406 4688 msisadrv - ok 16:17:02.0423 4688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:17:02.0424 4688 MSKSSRV - ok 16:17:02.0439 4688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:17:02.0440 4688 MSPCLOCK - ok 16:17:02.0455 4688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:17:02.0456 4688 MSPQM - ok 16:17:02.0475 4688 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 16:17:02.0482 4688 MsRPC - ok 16:17:02.0497 4688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 16:17:02.0497 4688 mssmbios - ok 16:17:02.0512 4688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:17:02.0514 4688 MSTEE - ok 16:17:02.0528 4688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 16:17:02.0530 4688 MTConfig - ok 16:17:02.0545 4688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:17:02.0547 4688 Mup - ok 16:17:02.0566 4688 mv91xx (611ebe534df049ad9413552fa81ecf75) C:\Windows\system32\DRIVERS\mv91xx.sys 16:17:02.0571 4688 mv91xx - ok 16:17:02.0590 4688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:17:02.0597 4688 NativeWifiP - ok 16:17:02.0626 4688 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 16:17:02.0635 4688 NDIS - ok 16:17:02.0650 4688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:17:02.0652 4688 NdisCap - ok 16:17:02.0666 4688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:17:02.0668 4688 NdisTapi - ok 16:17:02.0683 4688 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 16:17:02.0685 4688 Ndisuio - ok 16:17:02.0701 4688 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 16:17:02.0705 4688 NdisWan - ok 16:17:02.0720 4688 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 16:17:02.0723 4688 NDProxy - ok 16:17:02.0738 4688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:17:02.0740 4688 NetBIOS - ok 16:17:02.0758 4688 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 16:17:02.0765 4688 NetBT - ok 16:17:02.0783 4688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 16:17:02.0786 4688 nfrd960 - ok 16:17:02.0804 4688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:17:02.0807 4688 Npfs - ok 16:17:02.0822 4688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:17:02.0824 4688 nsiproxy - ok 16:17:02.0855 4688 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 16:17:02.0873 4688 Ntfs - ok 16:17:02.0888 4688 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:17:02.0889 4688 Null - ok 16:17:02.0905 4688 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys 16:17:02.0908 4688 nusb3hub - ok 16:17:02.0924 4688 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys 16:17:02.0929 4688 nusb3xhc - ok 16:17:02.0945 4688 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys 16:17:02.0948 4688 NVHDA - ok 16:17:03.0081 4688 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:17:03.0128 4688 nvlddmkm - ok 16:17:03.0144 4688 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 16:17:03.0148 4688 nvraid - ok 16:17:03.0160 4688 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 16:17:03.0164 4688 nvstor - ok 16:17:03.0179 4688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 16:17:03.0183 4688 nv_agp - ok 16:17:03.0199 4688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 16:17:03.0202 4688 ohci1394 - ok 16:17:03.0222 4688 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 16:17:03.0225 4688 Parport - ok 16:17:03.0240 4688 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 16:17:03.0243 4688 partmgr - ok 16:17:03.0260 4688 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 16:17:03.0265 4688 pci - ok 16:17:03.0279 4688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 16:17:03.0281 4688 pciide - ok 16:17:03.0297 4688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 16:17:03.0302 4688 pcmcia - ok 16:17:03.0316 4688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:17:03.0318 4688 pcw - ok 16:17:03.0340 4688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:17:03.0353 4688 PEAUTH - ok 16:17:03.0379 4688 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:17:03.0382 4688 PptpMiniport - ok 16:17:03.0397 4688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 16:17:03.0401 4688 Processor - ok 16:17:03.0420 4688 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 16:17:03.0424 4688 Psched - ok 16:17:03.0456 4688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 16:17:03.0475 4688 ql2300 - ok 16:17:03.0491 4688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 16:17:03.0495 4688 ql40xx - ok 16:17:03.0511 4688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:17:03.0513 4688 QWAVEdrv - ok 16:17:03.0528 4688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:17:03.0529 4688 RasAcd - ok 16:17:03.0545 4688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:17:03.0547 4688 RasAgileVpn - ok 16:17:03.0564 4688 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:17:03.0567 4688 Rasl2tp - ok 16:17:03.0583 4688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:17:03.0586 4688 RasPppoe - ok 16:17:03.0600 4688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:17:03.0603 4688 RasSstp - ok 16:17:03.0620 4688 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 16:17:03.0626 4688 rdbss - ok 16:17:03.0641 4688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 16:17:03.0643 4688 rdpbus - ok 16:17:03.0657 4688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:17:03.0658 4688 RDPCDD - ok 16:17:03.0674 4688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:17:03.0675 4688 RDPENCDD - ok 16:17:03.0691 4688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:17:03.0692 4688 RDPREFMP - ok 16:17:03.0708 4688 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 16:17:03.0712 4688 RDPWD - ok 16:17:03.0728 4688 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 16:17:03.0733 4688 rdyboost - ok 16:17:03.0751 4688 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 16:17:03.0754 4688 RFCOMM - ok 16:17:03.0772 4688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:17:03.0775 4688 rspndr - ok 16:17:03.0794 4688 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys 16:17:03.0797 4688 RTL8167 - ok 16:17:03.0813 4688 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 16:17:03.0816 4688 sbp2port - ok 16:17:03.0832 4688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 16:17:03.0834 4688 scfilter - ok 16:17:03.0851 4688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:17:03.0853 4688 secdrv - ok 16:17:03.0870 4688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:17:03.0872 4688 Serenum - ok 16:17:03.0887 4688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:17:03.0890 4688 Serial - ok 16:17:03.0904 4688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 16:17:03.0906 4688 sermouse - ok 16:17:03.0924 4688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 16:17:03.0926 4688 sffdisk - ok 16:17:03.0940 4688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 16:17:03.0942 4688 sffp_mmc - ok 16:17:03.0957 4688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 16:17:03.0958 4688 sffp_sd - ok 16:17:03.0973 4688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 16:17:03.0975 4688 sfloppy - ok 16:17:03.0991 4688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 16:17:03.0994 4688 SiSRaid2 - ok 16:17:04.0009 4688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 16:17:04.0012 4688 SiSRaid4 - ok 16:17:04.0027 4688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:17:04.0030 4688 Smb - ok 16:17:04.0048 4688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:17:04.0050 4688 spldr - ok 16:17:04.0071 4688 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 16:17:04.0078 4688 srv - ok 16:17:04.0096 4688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 16:17:04.0104 4688 srv2 - ok 16:17:04.0120 4688 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 16:17:04.0124 4688 srvnet - ok 16:17:04.0141 4688 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys 16:17:04.0143 4688 StarOpen - ok 16:17:04.0159 4688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 16:17:04.0162 4688 stexstor - ok 16:17:04.0177 4688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 16:17:04.0179 4688 swenum - ok 16:17:04.0215 4688 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 16:17:04.0238 4688 Tcpip - ok 16:17:04.0269 4688 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 16:17:04.0276 4688 TCPIP6 - ok 16:17:04.0291 4688 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 16:17:04.0294 4688 tcpipreg - ok 16:17:04.0309 4688 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:17:04.0311 4688 TDPIPE - ok 16:17:04.0325 4688 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 16:17:04.0327 4688 TDTCP - ok 16:17:04.0343 4688 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 16:17:04.0345 4688 tdx - ok 16:17:04.0360 4688 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 16:17:04.0363 4688 TermDD - ok 16:17:04.0382 4688 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:17:04.0384 4688 tssecsrv - ok 16:17:04.0400 4688 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 16:17:04.0403 4688 TsUsbFlt - ok 16:17:04.0417 4688 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 16:17:04.0420 4688 TsUsbGD - ok 16:17:04.0435 4688 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 16:17:04.0439 4688 tunnel - ok 16:17:04.0454 4688 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 16:17:04.0457 4688 uagp35 - ok 16:17:04.0474 4688 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 16:17:04.0480 4688 udfs - ok 16:17:04.0498 4688 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 16:17:04.0501 4688 uliagpkx - ok 16:17:04.0516 4688 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 16:17:04.0519 4688 umbus - ok 16:17:04.0534 4688 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 16:17:04.0535 4688 UmPass - ok 16:17:04.0552 4688 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 16:17:04.0555 4688 usbccgp - ok 16:17:04.0570 4688 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 16:17:04.0574 4688 usbcir - ok 16:17:04.0591 4688 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 16:17:04.0593 4688 usbehci - ok 16:17:04.0611 4688 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 16:17:04.0617 4688 usbhub - ok 16:17:04.0632 4688 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 16:17:04.0634 4688 usbohci - ok 16:17:04.0649 4688 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:17:04.0652 4688 usbprint - ok 16:17:04.0666 4688 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 16:17:04.0669 4688 usbscan - ok 16:17:04.0684 4688 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:17:04.0687 4688 USBSTOR - ok 16:17:04.0702 4688 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 16:17:04.0704 4688 usbuhci - ok 16:17:04.0721 4688 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 16:17:04.0723 4688 vdrvroot - ok 16:17:04.0739 4688 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:17:04.0741 4688 vga - ok 16:17:04.0756 4688 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:17:04.0757 4688 VgaSave - ok 16:17:04.0774 4688 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 16:17:04.0779 4688 vhdmp - ok 16:17:04.0794 4688 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 16:17:04.0795 4688 viaide - ok 16:17:04.0811 4688 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 16:17:04.0813 4688 volmgr - ok 16:17:04.0831 4688 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 16:17:04.0838 4688 volmgrx - ok 16:17:04.0855 4688 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 16:17:04.0861 4688 volsnap - ok 16:17:04.0877 4688 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 16:17:04.0881 4688 vsmraid - ok 16:17:04.0897 4688 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 16:17:04.0899 4688 vwifibus - ok 16:17:04.0915 4688 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 16:17:04.0917 4688 WacomPen - ok 16:17:04.0934 4688 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:17:04.0937 4688 WANARP - ok 16:17:04.0939 4688 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:17:04.0940 4688 Wanarpv6 - ok 16:17:04.0958 4688 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 16:17:04.0960 4688 Wd - ok 16:17:04.0980 4688 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:17:04.0988 4688 Wdf01000 - ok 16:17:05.0009 4688 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:17:05.0010 4688 WfpLwf - ok 16:17:05.0026 4688 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:17:05.0028 4688 WIMMount - ok 16:17:05.0049 4688 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:17:05.0049 4688 WmiAcpi - ok 16:17:05.0068 4688 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:17:05.0070 4688 ws2ifsl - ok 16:17:05.0089 4688 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 16:17:05.0092 4688 WudfPf - ok 16:17:05.0109 4688 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:17:05.0112 4688 WUDFRd - ok 16:17:05.0118 4688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 16:17:05.0120 4688 \Device\Harddisk1\DR1 - ok 16:17:05.0122 4688 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 16:17:05.0124 4688 \Device\Harddisk0\DR0 - ok 16:17:05.0125 4688 Boot (0x1200) (0ea7dcad1aa48d7a1f3b8d0fea36c1ca) \Device\Harddisk1\DR1\Partition0 16:17:05.0126 4688 \Device\Harddisk1\DR1\Partition0 - ok 16:17:05.0127 4688 Boot (0x1200) (aa6cbc7d91d2ffd00b51d174ee57f5f5) \Device\Harddisk1\DR1\Partition1 16:17:05.0128 4688 \Device\Harddisk1\DR1\Partition1 - ok 16:17:05.0129 4688 Boot (0x1200) (2e80a443ac3365df4acaaa3a9a2b4abc) \Device\Harddisk0\DR0\Partition0 16:17:05.0129 4688 \Device\Harddisk0\DR0\Partition0 - ok 16:17:05.0131 4688 Boot (0x1200) (4100d6caee6846a31ca9477a05cfaec1) \Device\Harddisk0\DR0\Partition1 16:17:05.0131 4688 \Device\Harddisk0\DR0\Partition1 - ok 16:17:05.0131 4688 ============================================================ 16:17:05.0131 4688 Scan finished 16:17:05.0131 4688 ============================================================ 16:17:05.0136 4680 Detected object count: 0 16:17:05.0136 4680 Actual detected object count: 0 Das mit dem Unhide klappt übrigens nicht (als Admin ausgeführt)! Mir war noch gar nicht aufgefallen, dass ich auf die eigenen Dateien nicht draufkomme,weil ich den Ornder nie nutze. Er heist auf einmal Documents, statt Dokumente und alle Unterordner sind gesperrt, bis auf einen der Atheros heißt. Meinen eigenen Ordner sehe ich im Explorer auch nicht mehr, er ist aber da. Ich kann über die Desktop-Verknüpfung drauf zugreifen. Gruß Stefan |
|
27.09.2011, 15:22
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop.ini Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2011, 16:51
| #11 |
| | Desktop.ini Hier das ComboFix-Log: Combofix Logfile: Code:
ATTFilter ComboFix 11-09-27.01 - Stefan 27.09.2011 17:47:37.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8169.6564 [GMT 2:00]
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-08-27 bis 2011-09-27 ))))))))))))))))))))))))))))))
.
.
2011-09-27 15:49 . 2011-09-27 15:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-09-27 15:49 . 2011-09-27 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-27 13:32 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8CBE99E-340F-478F-BB0F-53E186CE2F6B}\mpengine.dll
2011-09-26 20:06 . 2011-09-26 20:06 -------- d-----w- c:\users\Stefan\AppData\Roaming\Malwarebytes
2011-09-26 20:06 . 2011-09-26 20:06 -------- d-----w- c:\programdata\Malwarebytes
2011-09-26 20:06 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-26 15:52 . 2011-09-26 15:52 -------- d-----w- c:\program files\CCleaner
2011-09-25 07:04 . 2011-09-25 07:04 -------- d-----w- c:\programdata\Trymedia
2011-09-25 06:59 . 2011-09-25 06:59 -------- d-----w- c:\programdata\InstallShield
2011-09-25 06:57 . 2006-03-20 14:34 86960 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2011-09-25 06:57 . 2006-03-20 14:34 213936 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2011-09-25 06:57 . 2006-03-20 14:34 283568 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2011-09-25 06:57 . 2006-03-20 14:34 865200 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2011-09-25 06:57 . 2006-03-20 14:34 393216 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2011-09-25 06:57 . 2006-03-20 14:34 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2011-09-25 06:57 . 2006-03-20 14:33 73728 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2011-09-17 07:09 . 2011-09-17 07:09 -------- d-----w- c:\users\Stefan\AppData\Local\Kalypso Media
2011-09-02 19:40 . 2011-09-02 19:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 06:42 . 2011-08-25 14:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-27 15:17 . 2011-08-27 15:17 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-08-27 15:17 . 2011-08-27 15:17 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-26 09:57 . 2011-08-26 09:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-26 09:57 . 2011-08-26 09:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-26 09:57 . 2011-08-26 09:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-26 09:57 . 2011-08-26 09:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-26 09:57 . 2011-08-26 09:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-26 09:57 . 2011-08-26 09:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-26 09:57 . 2011-08-26 09:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-26 09:57 . 2011-08-26 09:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-26 09:57 . 2011-08-26 09:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-26 09:57 . 2011-08-26 09:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-26 09:57 . 2011-08-26 09:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-26 09:57 . 2011-08-26 09:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-26 09:57 . 2011-08-26 09:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-26 09:57 . 2011-08-26 09:57 448512 ----a-w- c:\windows\system32\html.iec
2011-08-26 09:57 . 2011-08-26 09:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-26 09:57 . 2011-08-26 09:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-26 09:57 . 2011-08-26 09:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-26 09:57 . 2011-08-26 09:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-26 09:57 . 2011-08-26 09:57 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-26 09:57 . 2011-08-26 09:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-26 09:57 . 2011-08-26 09:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-26 09:57 . 2011-08-26 09:57 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-08-26 09:57 . 2011-08-26 09:57 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-26 09:57 . 2011-08-26 09:57 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-08-26 09:57 . 2011-08-26 09:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-26 09:57 . 2011-08-26 09:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-26 09:57 . 2011-08-26 09:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-26 09:57 . 2011-08-26 09:57 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-26 09:57 . 2011-08-26 09:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-26 09:57 . 2011-08-26 09:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-26 09:57 . 2011-08-26 09:57 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-26 09:57 . 2011-08-26 09:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-26 09:57 . 2011-08-26 09:57 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-26 09:57 . 2011-08-26 09:57 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-26 09:57 . 2011-08-26 09:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-26 09:57 . 2011-08-26 09:57 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-26 09:57 . 2011-08-26 09:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-26 09:57 . 2011-08-26 09:57 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-26 09:57 . 2011-08-26 09:57 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-26 09:57 . 2011-08-26 09:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-26 09:57 . 2011-08-26 09:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-26 09:57 . 2011-08-26 09:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-26 09:39 . 2011-08-26 09:39 468480 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-25 13:40 . 2011-08-25 13:40 16896 ----a-w- c:\windows\AsTaskSched.dll
2011-08-03 11:50 . 2011-08-25 14:37 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-08-25 14:37 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-08-25 14:37 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-08-25 14:37 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-08-25 14:37 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-08-25 14:37 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-08-25 14:37 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-08-25 14:37 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2011-08-25 14:37 7254632 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-25 14:37 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-25 14:37 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-25 14:37 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-03 11:50 . 2011-08-25 14:37 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-08-03 11:50 . 2011-08-25 14:37 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-08-25 14:37 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-25 14:37 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-25 14:37 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2011-08-25 14:37 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-08-03 11:50 . 2011-08-25 14:37 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
2011-08-03 11:50 . 2011-08-25 14:37 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-25 14:37 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-25 14:37 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-08-03 11:50 . 2011-08-25 14:37 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-08-03 11:50 . 2011-08-25 14:37 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
2011-08-03 11:50 . 2011-08-25 14:37 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-08-03 11:50 . 2011-08-25 14:37 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
2011-08-03 11:50 . 2011-08-25 14:37 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-08-03 11:50 . 2011-08-25 14:37 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-21 10:11 . 2011-08-26 17:57 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-21 10:11 . 2011-08-26 17:57 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-16 05:41 . 2011-08-25 14:49 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-25 14:49 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-25 14:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-25 14:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-25 14:49 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-25 14:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-25 14:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-27_15.34.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 05:10 . 2011-09-27 14:16 37640 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-27 15:42 37640 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-25 14:00 . 2011-09-27 15:42 3908 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3091026875-3271901594-52335093-1000_UserData.bin
- 2011-08-25 14:00 . 2011-09-27 14:16 3908 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3091026875-3271901594-52335093-1000_UserData.bin
- 2011-09-27 14:14 . 2011-09-27 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-27 15:41 . 2011-09-27 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-27 14:14 . 2011-09-27 14:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-27 15:41 . 2011-09-27 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-09-27 14:18 615810 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-09-27 15:46 615810 c:\windows\system32\perfh009.dat
- 2011-04-12 07:43 . 2011-09-27 14:18 653928 c:\windows\system32\perfh007.dat
+ 2011-04-12 07:43 . 2011-09-27 15:46 653928 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-09-27 15:46 106190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-09-27 14:18 106190 c:\windows\system32\perfc009.dat
+ 2011-04-12 07:43 . 2011-09-27 15:46 129800 c:\windows\system32\perfc007.dat
- 2011-04-12 07:43 . 2011-09-27 14:18 129800 c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2011-09-27 14:14 322768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-27 15:40 322768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-26 18:23 . 2011-09-27 15:40 12823397 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3091026875-3271901594-52335093-1000-8192.dat
- 2011-08-26 18:23 . 2011-09-27 14:14 12823397 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3091026875-3271901594-52335093-1000-8192.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-26 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="e:\malwarebytes' anti-malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [x]
S2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pcspezialist.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\bj7vjznd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-09-27 17:49:51
ComboFix-quarantined-files.txt 2011-09-27 15:49
ComboFix2.txt 2011-09-27 15:35
.
Vor Suchlauf: 4.384.931.840 Bytes frei
Nach Suchlauf: 4.330.831.872 Bytes frei
.
- - End Of File - - 335029D74ABEA48D27D08A253FD375C3
Gruß Stefan |
|
27.09.2011, 18:53
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop.ini Was ist denn so zwischenzeitlich mal gefragt mit der desktop.ini?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2011, 21:59
| #13 |
| | Desktop.ini Leider nix neues. Die kommt immer noch beim Neustart!  |
|
27.09.2011, 22:32
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Desktop.ini Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2011, 22:44
| #15 |
| | Desktop.ini aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software Run date: 2011-09-27 23:40:29 ----------------------------- 23:40:29.146 OS Version: Windows x64 6.1.7601 Service Pack 1 23:40:29.146 Number of processors: 8 586 0x2A07 23:40:29.146 ComputerName: STEFAN-PC UserName: Stefan 23:40:29.281 Initialize success 23:41:45.884 AVAST engine defs: 11092701 23:41:59.971 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 23:41:59.972 Disk 0 Vendor: OCZ-VERTEX2 1.33 Size: 57241MB BusType: 11 23:41:59.974 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 23:41:59.975 Disk 1 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 11 23:42:01.977 Disk 0 MBR read successfully 23:42:01.979 Disk 0 MBR scan 23:42:01.982 Disk 0 Windows 7 default MBR code 23:42:01.985 Service scanning 23:42:03.279 Modules scanning 23:42:03.281 Disk 0 trace - called modules: 23:42:03.285 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 23:42:03.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800743c790] 23:42:03.289 3 CLASSPNP.SYS[fffff88001bab43f] -> nt!IofCallDriver -> [0xfffffa8006a6d4e0] 23:42:03.292 5 ACPI.sys[fffff88000ed07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006a6a060] 23:42:03.478 AVAST engine scan C:\Windows 23:42:04.984 AVAST engine scan C:\Windows\system32 23:42:43.899 AVAST engine scan C:\Windows\system32\drivers 23:42:46.710 AVAST engine scan C:\Users\Stefan 23:42:51.255 AVAST engine scan C:\ProgramData 23:42:52.602 Scan finished successfully 23:43:01.290 Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat" 23:43:01.293 The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt" Langsam frage ich mich, ob ich nicht einfach zu blöd bin, die Desktop.ini an der richtigen Stelle zu löschen?  |
|
| Themen zu Desktop.ini |
| 4d36e972-e325-11ce-bfc1-08002be10318, adobe, antivir, antivir guard, avg, bho, cdburnerxp, desktop.ini, explorer, firefox, free download, hijack, hijackthis, hängt, internet, internet explorer, logfile, mozilla, nt.dll, nvidia update, object, programm, prozesse, registry, sched.exe, senden, shell32.dll, software, super, system hängt, trojaner, usb, usb 3.0, verweise, viren, virus gefunden, warnung, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
