Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/kazy.mekml, Festplatte beschädigt, Dateien weg

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.04.2011, 17:35   #1
brote
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Hallo zusammen!
Ich habe mich hier angemeldet, weil auch mein Rechner mit dem Trojaner Kazy.mekml infiziert ist.
Seitdem fehlen Dateien auf meinem Desktop, sowie auf dem restlichen Teil meiner Festplatte.
Dei zweite Partition ist nicht betroffen!
Zudem sagt mir Windows 7 (32bit) ständig, dass meine Festplatte beschädigt ist.
Auch Avira popt immer wieder auf und sagt mir, dass eben dieser Trojaner sich auf meinem Rechner befindet. Löschen hilft auch nicht.
Außerdem hatte ich eben einen Bluescreen aufgrund eines Grafiktreiber, weiß aber nicht obs mit dem Trojaner zusammenhängt!
Ich hoffe mir kann jemand weiterhelfen!
EDIT:
Was mir auch noch aufgefallen ist, ich habe seit einer Woche noch ein zusätzliches Laufwerk Q:, auf welches ich nicht zugreifen kann!
Mit freundlichen Grüßen
Brote

Hier meine Anti-Malware Logfile:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 17:33:03
mbam-log-2011-04-21 (17-33-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175743
Laufzeit: 6 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 3792 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{5283BA48-B3A8-A4C7-4C8B-5FC46A91D3D3} (Trojan.ZbotR.Gen) -> Value: {5283BA48-B3A8-A4C7-4C8B-5FC46A91D3D3} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Benjamin\AppData\Local\Temp\0.29800580620327444.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


OTL:OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 21.04.2011 17:38:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,99 Gb Total Space | 0,86 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
Drive D: | 273,09 Gb Total Space | 25,98 Gb Free Space | 9,51% Space Free | Partition Type: NTFS
Drive E: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BENJAMIN-NB | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
PRC - D:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\lxczcoms.exe ( )
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) --  File not found
SRV - (HiPatchService) -- D:\Program Files\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (WTGService) -- D:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TuneUp.Defrag) -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (TuneUpUtilitiesDrv) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (TTCinergyT2) TerraTec Cinergy T² (BDA) -- C:\Windows\System32\drivers\TTCinergyT2BDA.sys (TerraTec Electronic GmbH)
DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 9E 23 6E 04 34 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.mydtzone.com/startpage|hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {b9615918-d3de-44a4-ab65-76df7ea1f1c1}:0.3.13
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.04.03 15:52:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.03 15:52:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2011.03.13 15:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins [2011.01.29 18:28:33 | 000,000,000 | ---D | M]
 
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions
[2010.01.22 17:44:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.20 20:22:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions
[2011.04.20 20:22:25 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.07.27 21:08:04 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.04.14 14:35:15 | 000,000,000 | -H-D | M] (Разпознаване на устройство Logitech) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\DeviceDetection@logitech.com
[2011.02.04 13:35:08 | 000,000,000 | -H-D | M] (FoxyProxy Standard) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\os8yk4py.default\extensions\foxyproxy@eric.h.jung
[2010.05.30 18:29:00 | 000,001,819 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\bing.xml
[2011.04.08 18:28:05 | 000,002,059 | -H-- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\searchplugins\daemon-search.xml
File not found (No name found) -- 
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{B9615918-D3DE-44A4-AB65-76DF7EA1F1C1}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OS8YK4PY.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2010.02.04 01:36:43 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.01.22 18:44:51 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Camfrog] D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 [2010.10.17 16:28:41 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Read with DeskBot - D:\Program Files\BellCraft.com\DeskBot\DeskBot.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010.09.11 01:09:30 | 002,508,760 | ---- | M] ()
O33 - MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\Shell\AutoRun\command - "" = F:\Autoplay\AutoRun.exe
O33 - MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 16:51:28 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Malwarebytes
[2011.04.21 16:51:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 16:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 16:51:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 16:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.14 14:31:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 14:31:09 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 14:31:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 14:31:06 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 14:31:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 14:30:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 14:30:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 14:30:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 14:30:59 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 14:30:59 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 14:30:59 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 14:30:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.14 14:30:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.14 14:30:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 14:30:59 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.14 14:30:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.14 14:30:31 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 14:30:29 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 14:30:29 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 14:30:27 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.11 19:08:28 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2011.04.11 19:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
[2011.04.08 18:28:40 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.04.08 18:28:05 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2011.04.08 18:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.04.08 18:27:46 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2011.04.08 18:27:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.04.03 18:29:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\VirtualizedApplications
[2011.04.03 16:18:04 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\SoftGrid Client
[2011.04.03 16:17:59 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\SoftGrid Client
[2011.04.03 16:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Business (Deutsch)
[2011.04.03 16:16:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2011.04.03 16:16:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.04.03 16:16:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Application Virtualization Client
[2011.04.03 16:15:26 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\TP
[2011.03.29 19:38:20 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Ventrilo
[2011.03.29 19:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011.03.28 10:44:35 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\Documents\My Games
[2011.03.28 01:11:59 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Hi-Rez Studios
[2011.03.28 01:11:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Hi-Rez Studios
[2011.03.28 01:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2011.03.28 00:46:56 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.0
[2011.03.27 18:51:37 | 000,000,000 | -H-D | C] -- C:\Users\Benjamin\AppData\Local\CrashRpt
[2011.02.03 21:14:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2011.02.03 21:14:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2011.02.03 21:14:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2011.02.03 21:14:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2011.02.03 21:14:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2011.02.03 21:14:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2011.02.03 21:14:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2011.02.03 21:14:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2011.02.03 21:14:31 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe
[2011.02.03 21:14:31 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe
[2011.02.03 21:14:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2011.02.03 21:14:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2011.02.03 21:14:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2011.02.03 21:14:30 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2011.02.03 21:14:30 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe
[2010.07.29 17:37:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA454.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 17:33:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rpld.sys
[2011.04.21 17:33:13 | 000,000,234 | ---- | M] () -- C:\Windows\System32\pbucn
[2011.04.21 17:23:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 17:23:10 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 16:51:19 | 000,000,756 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 16:13:00 | 000,014,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 16:13:00 | 000,014,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 15:30:14 | 000,656,484 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 15:30:14 | 000,616,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 15:30:14 | 000,130,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 15:30:14 | 000,107,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.16 09:38:23 | 000,286,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.08 18:28:40 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.04.08 18:28:04 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.04.03 15:52:34 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.29 19:38:01 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.03.29 19:37:57 | 000,000,630 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011.03.28 01:11:10 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Global Agenda Launcher.lnk
[2011.03.28 00:46:56 | 000,001,002 | -H-- | M] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk
[2011.03.28 00:45:41 | 012,470,832 | -H-- | M] () -- C:\Users\Benjamin\Desktop\camfrog_5.5.exe
 
========== Files Created - No Company Name ==========
 
[2011.04.21 17:33:13 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rpld.sys
[2011.04.21 17:33:13 | 000,000,234 | ---- | C] () -- C:\Windows\System32\pbucn
[2011.04.21 16:51:19 | 000,000,756 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.08 18:28:04 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.04.03 15:52:33 | 000,000,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.29 19:37:57 | 000,000,630 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011.03.29 19:37:49 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.03.28 01:11:10 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Global Agenda Launcher.lnk
[2011.03.28 00:46:56 | 000,001,002 | -H-- | C] () -- C:\Users\Benjamin\Desktop\Camfrog Video Chat 6.0.lnk
[2011.03.28 00:45:22 | 012,470,832 | -H-- | C] () -- C:\Users\Benjamin\Desktop\camfrog_5.5.exe
[2011.02.03 21:17:27 | 000,000,094 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.02.03 21:14:32 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2011.02.03 21:14:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010.12.27 19:54:14 | 000,000,032 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\packet
[2010.11.30 22:35:18 | 000,007,605 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg
[2010.08.08 22:39:11 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2010.08.08 22:37:21 | 000,000,840 | ---- | C] () -- C:\Windows\_delis32.ini
[2010.08.08 22:36:19 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2010.07.01 17:08:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.20 13:21:39 | 000,006,656 | -H-- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.10 18:30:43 | 000,002,903 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.02.10 18:30:37 | 000,000,748 | ---- | C] () -- C:\Windows\cm106.ini
[2010.02.10 18:30:37 | 000,000,601 | ---- | C] () -- C:\Windows\cm106.ini.bak
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.14 10:47:43 | 000,656,484 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,826 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,286,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,990 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.27 13:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005.01.31 10:13:22 | 000,163,328 | ---- | C] () -- C:\Windows\System32\drivers\LV532AV.SYS
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Files - Unicode (All) ==========
[2010.05.28 18:56:11 | 000,020,480 | -H-- | M] ()(C:\Users\Benjamin\Desktop\Gesu Pr?fung.doc) -- C:\Users\Benjamin\Desktop\Gesu Pr�fung.doc
[2010.05.27 18:10:34 | 000,020,480 | -H-- | C] ()(C:\Users\Benjamin\Desktop\Gesu Pr?fung.doc) -- C:\Users\Benjamin\Desktop\Gesu Pr�fung.doc

< End of report >
         
--- --- ---

--- --- ---

OTL2:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.04.2011 17:38:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 24,99 Gb Total Space | 0,86 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
Drive D: | 273,09 Gb Total Space | 25,98 Gb Free Space | 9,51% Space Free | Partition Type: NTFS
Drive E: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BENJAMIN-NB | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{190297F8-14EC-4ECA-BFAC-72843DBFB382}" = Microsoft SharedView
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{722AF0E9-9BAB-4556-9AA6-B5240D46E4B3}" = Global Agenda Launcher
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Deutsch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}" = ScreenManager Pro for LCD
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DFD7F080-D4BB-4A72-8B19-8FD0CE34F780}" = NetSpeedMonitor 2.4.2.0 x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices  (11/30/2008 1.0.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Atlantica Online" = Atlantica Online
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"Camfrog 6.0" = Camfrog Video Chat 6.0
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DCoder Image Source" = DCoder Image Source (remove only)
"DeskBot_is1" = DeskBot
"DirectVobSub" = DirectVobSub (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Drumaxx" = Drumaxx
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FL Studio 9" = FL Studio 9
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.3
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"Generic USB 106 Sound" = TerraTec Headset Master 5.1 USB
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"iTunes Remote Helper_is1" = iTunes Remote Helper 1.73
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.5.74 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"MobMap_is1" = MobMap 4.01
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Pidgin" = Pidgin
"PoiZone" = PoiZone
"Pontifex Demo_is1" = Pontifex Demo 10.19.01
"Postal 2" = Postal 2
"ProgDVB" = ProgDVB
"ProgSatFinder" = Prog Finder
"RealMedia" = RealMedia (remove only)
"ResusSim Prehospital Demo" = ResusSim Prehospital Demo
"Sakura" = Sakura
"Sawer" = Sawer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = iTunesRemote
"StarCraft II Beta" = StarCraft II Beta
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TIPP10_is1" = TIPP10 Version 2.0.3
"Toxic Biohazard" = Toxic Biohazard
"Tremulous" = Tremulous 1.1.0
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"TuneUp Utilities" = TuneUp Utilities
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Verbindungsassistent" = Verbindungsassistent
"Videora Palm Pre Converter" = Videora Palm Pre Converter 5.04
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Youtube Music Downloader_is1" = Youtube Music Downloader V3.5
"ZoomPlayer" = Zoom Player (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 08:06:54 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 17.04.2011 11:40:23 | Computer Name = Benjamin-NB | Source = ESENT | ID = 482
Description = wuaueng.dll (980) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb"
 bei Offset 131072 (0x0000000000020000) für 32768 (0x00008000) Bytes zu schreiben,
 ist nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz
 auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) 
bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise
 beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
 
Error - 17.04.2011 14:08:02 | Computer Name = Benjamin-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.04.2011 14:08:02 | Computer Name = Benjamin-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
 
Error - 17.04.2011 14:08:02 | Computer Name = Benjamin-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error - 20.04.2011 18:34:56 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\sony
 ericsson\sony ericsson pc suite\Drivers\DPInst64.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.04.2011 18:35:59 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search box extension\SrchBxEx.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search box extension\SrchBxEx.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 20.04.2011 18:35:59 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 20.04.2011 18:35:59 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SEPsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 20.04.2011 18:36:17 | Computer Name = Benjamin-NB | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
[ System Events ]
Error - 02.03.2011 18:00:08 | Computer Name = Benjamin-NB | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 07.03.2011 05:38:15 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 08.03.2011 09:50:52 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 08.03.2011 18:41:38 | Computer Name = Benjamin-NB | Source = bowser | ID = 8003
Description = 
 
Error - 09.03.2011 05:21:58 | Computer Name = Benjamin-NB | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.03.2011 12:37:14 | Computer Name = Benjamin-NB | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?03.?2011 um 16:43:41 unerwartet heruntergefahren.
 
Error - 11.03.2011 23:51:38 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 12.03.2011 15:18:49 | Computer Name = Benjamin-NB | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.03.2011 09:25:43 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
Error - 15.03.2011 10:36:19 | Computer Name = Benjamin-NB | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
 und wird nicht verwendet. Der Treiber wurde entladen.
 
[ TuneUp Events ]
Error - 22.12.2010 04:08:30 | Computer Name = Benjamin-NB | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.12.2010 04:08:30 | Computer Name = Benjamin-NB | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.12.2010 04:08:30 | Computer Name = Benjamin-NB | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

Geändert von brote (21.04.2011 um 18:08 Uhr)

Alt 21.04.2011, 20:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 21.04.2011, 21:46   #3
brote
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Anscheinend ist der Trojaner weg, aber die Ordner sind noch versteckt und im Startmenü fehlen auch Einträge.
Ich hoffe der ist auch wirklich weg und versteckt sich nicht nur


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.04.2011 21:44:51
mbam-log-2011-04-21 (21-44-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 305735
Laufzeit: 58 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 21.04.2011, 22:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.startup.homepage: "http://www.mydtzone.com/startpage|http://go.microsoft.com/fwlink/?LinkId=69157"
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\Shell - "" = AutoRun
O33 - MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2010.09.11 01:09:30 | 002,508,760 | ---- | M] ()
O33 - MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\Shell\AutoRun\command - "" = F:\Autoplay\AutoRun.exe
O33 - MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\Shell - "" = AutoRun
O33 - MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
[2011.04.21 17:33:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rpld.sys
[2011.04.21 17:33:13 | 000,000,234 | ---- | M] () -- C:\Windows\System32\pbucn
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.04.2011, 23:02   #5
brote
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.bing.com/search?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr
Prefs.js: "chrf-ytbm" removed from browser.search.param.yahoo-fr-cjkt
Prefs.js: "hxxp://www.mydtzone.com/startpage|hxxp://go.microsoft.com/fwlink/?LinkId=69157" removed from browser.startup.homepage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{299b1013-523f-11e0-ba6d-001e101f2b52}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{299b1013-523f-11e0-ba6d-001e101f2b52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{299b1013-523f-11e0-ba6d-001e101f2b52}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37e507aa-4feb-11e0-ae87-001fcf40ac41}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37e507ac-4feb-11e0-ae87-001fcf40ac41}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37e507bb-4feb-11e0-ae87-001fcf40ac41}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b919da8-0768-11df-9993-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b919da8-0768-11df-9993-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b919da8-0768-11df-9993-806e6f6e6963}\ not found.
File move failed. E:\Installer.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2ca8-4d77-11e0-b997-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2cab-4d77-11e0-b997-00030d42d6bb}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2cb8-4d77-11e0-b997-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52bb2cbc-4d77-11e0-b997-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfb91a-67fc-11e0-aa82-00030d42d6bb}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfba41-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfba41-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfba41-67fc-11e0-aa82-001e101f9843}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfba96-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfba96-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfba96-67fc-11e0-aa82-001e101f9843}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfba98-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfba98-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfba98-67fc-11e0-aa82-001e101f9843}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfbac4-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfbac4-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfbac4-67fc-11e0-aa82-001e101f9843}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfbac6-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63cfbac6-67fc-11e0-aa82-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63cfbac6-67fc-11e0-aa82-001e101f9843}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644370d4-4f31-11e0-bedf-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{644370d4-4f31-11e0-bedf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{644370d4-4f31-11e0-bedf-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{806e08c9-5e72-11e0-96f1-001fcf40ac41}\ not found.
File F:\Autoplay\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430fa80-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430fa80-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430fa80-589a-11e0-a192-001fcf40ac41}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430fa88-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430fa88-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430fa88-589a-11e0-a192-001fcf40ac41}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430faac-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430faac-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430faac-589a-11e0-a192-001fcf40ac41}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430fae8-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9430fae8-589a-11e0-a192-001fcf40ac41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9430fae8-589a-11e0-a192-001fcf40ac41}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eebcd-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eebcd-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eebcd-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eebdb-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eebdb-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eebdb-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eebf8-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eebf8-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eebf8-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eec0d-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eec0d-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eec0d-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed1a-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed1a-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed1a-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed28-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed28-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed28-52cc-11e0-9273-00030d42d6bb}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed4d-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed4d-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed4d-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed50-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed50-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed50-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed5a-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{973eed5a-52cc-11e0-9273-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{973eed5a-52cc-11e0-9273-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa0254e3-52c1-11e0-b9c0-00030d42d6bb}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa0254ee-52c1-11e0-b9c0-00030d42d6bb}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa025509-52c1-11e0-b9c0-00030d42d6bb}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa02551c-52c1-11e0-b9c0-00030d42d6bb}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa025527-52c1-11e0-b9c0-00030d42d6bb}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa025544-52c1-11e0-b9c0-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d40c44b0-52ca-11e0-badb-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e50db7-bd67-11df-bdb4-00030d42d6bb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
File C:\Windows\System32\drivers\rpld.sys not found.
File C:\Windows\System32\pbucn not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Benjamin
->Temp folder emptied: 600638 bytes
->Temporary Internet Files folder emptied: 3655949 bytes
->Java cache emptied: 4649170 bytes
->FireFox cache emptied: 54819093 bytes
->Flash cache emptied: 63891 bytes

User: Benjamin2
->Temp folder emptied: 9202178 bytes
->Temporary Internet Files folder emptied: 6751679 bytes
->FireFox cache emptied: 45661898 bytes
->Flash cache emptied: 2530 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 4253753 bytes
->Temporary Internet Files folder emptied: 95085 bytes
->FireFox cache emptied: 69722595 bytes
->Flash cache emptied: 815 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2088662 bytes
RecycleBin emptied: 6818103 bytes

Total Files Cleaned = 199,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04212011_225631

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Installer.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Alt 21.04.2011, 23:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> TR/kazy.mekml, Festplatte beschädigt, Dateien weg

Alt 21.04.2011, 23:37   #7
brote
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Das Log des Programms ist nach ausführen komplett leer!

Alt 21.04.2011, 23:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Du hast es auch nach Anleitung und mit Adminrechten ausgeführt?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.04.2011, 00:04   #9
brote
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Alles wies da stand! Auf den Desktop gepackt, mit Adminrechten gestartet, gescannt und nach dem Scan geht ja dann ein Fenster auf und da steht der hat nichts gefunden!
Das einzige was ich habe ist der Report beim Programmstart:
2011/04/22 00:00:49.0939 4124 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/22 00:00:50.0190 4124 ================================================================================
2011/04/22 00:00:50.0190 4124 SystemInfo:
2011/04/22 00:00:50.0190 4124
2011/04/22 00:00:50.0190 4124 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/22 00:00:50.0190 4124 Product type: Workstation
2011/04/22 00:00:50.0190 4124 ComputerName: BENJAMIN-NB
2011/04/22 00:00:50.0191 4124 UserName: Benjamin
2011/04/22 00:00:50.0191 4124 Windows directory: C:\Windows
2011/04/22 00:00:50.0191 4124 System windows directory: C:\Windows
2011/04/22 00:00:50.0191 4124 Processor architecture: Intel x86
2011/04/22 00:00:50.0191 4124 Number of processors: 2
2011/04/22 00:00:50.0191 4124 Page size: 0x1000
2011/04/22 00:00:50.0191 4124 Boot type: Normal boot
2011/04/22 00:00:50.0191 4124 ================================================================================
2011/04/22 00:00:50.0665 4124 Initialize success
2011/04/22 00:00:53.0286 4584 ================================================================================
2011/04/22 00:00:53.0286 4584 Scan started
2011/04/22 00:00:53.0286 4584 Mode: Manual;
2011/04/22 00:00:53.0286 4584 ================================================================================
2011/04/22 00:00:53.0951 4584 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/22 00:00:54.0003 4584 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/22 00:00:54.0044 4584 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/22 00:00:54.0104 4584 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/22 00:00:54.0130 4584 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/22 00:00:54.0151 4584 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/22 00:00:54.0217 4584 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/22 00:00:54.0248 4584 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/22 00:00:54.0295 4584 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/22 00:00:54.0346 4584 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/22 00:00:54.0379 4584 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/22 00:00:54.0410 4584 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/22 00:00:54.0452 4584 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/22 00:00:54.0484 4584 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/22 00:00:54.0520 4584 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/22 00:00:54.0551 4584 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/22 00:00:54.0576 4584 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/22 00:00:54.0634 4584 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/22 00:00:54.0712 4584 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/22 00:00:54.0745 4584 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/22 00:00:54.0797 4584 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/22 00:00:54.0818 4584 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/22 00:00:54.0901 4584 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) D:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/04/22 00:00:54.0941 4584 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/22 00:00:54.0983 4584 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/22 00:00:55.0070 4584 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/22 00:00:55.0117 4584 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/22 00:00:55.0167 4584 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/22 00:00:55.0223 4584 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/22 00:00:55.0268 4584 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/22 00:00:55.0295 4584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/22 00:00:55.0324 4584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/22 00:00:55.0351 4584 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/22 00:00:55.0384 4584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/22 00:00:55.0418 4584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/22 00:00:55.0441 4584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/22 00:00:55.0491 4584 BthAvrcp (db99076533ffb38cbec8ac88e4535850) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/22 00:00:55.0550 4584 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/22 00:00:55.0582 4584 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/22 00:00:55.0609 4584 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/22 00:00:55.0774 4584 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2011/04/22 00:00:55.0826 4584 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/22 00:00:55.0871 4584 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/22 00:00:55.0950 4584 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/22 00:00:55.0990 4584 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/22 00:00:56.0032 4584 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/22 00:00:56.0071 4584 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/22 00:00:56.0107 4584 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/22 00:00:56.0145 4584 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/22 00:00:56.0178 4584 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/22 00:00:56.0219 4584 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/22 00:00:56.0268 4584 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/22 00:00:56.0339 4584 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/22 00:00:56.0398 4584 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/22 00:00:56.0425 4584 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/22 00:00:56.0470 4584 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/22 00:00:56.0541 4584 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/22 00:00:56.0586 4584 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/04/22 00:00:56.0654 4584 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/22 00:00:56.0769 4584 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/22 00:00:56.0851 4584 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/22 00:00:56.0885 4584 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/22 00:00:56.0985 4584 ewusbnet (7c18a6c99f4119d361a5ca028e788648) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/22 00:00:57.0022 4584 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/22 00:00:57.0054 4584 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/22 00:00:57.0103 4584 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/22 00:00:57.0145 4584 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/22 00:00:57.0171 4584 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/22 00:00:57.0197 4584 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/22 00:00:57.0241 4584 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/22 00:00:57.0280 4584 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/22 00:00:57.0321 4584 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/22 00:00:57.0358 4584 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/22 00:00:57.0424 4584 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/22 00:00:57.0475 4584 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/22 00:00:57.0513 4584 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/22 00:00:57.0569 4584 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/04/22 00:00:57.0604 4584 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/04/22 00:00:57.0638 4584 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/22 00:00:57.0728 4584 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/04/22 00:00:57.0779 4584 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/22 00:00:57.0814 4584 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/22 00:00:57.0846 4584 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/22 00:00:57.0885 4584 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/22 00:00:57.0937 4584 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/22 00:00:57.0994 4584 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/22 00:00:58.0043 4584 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/22 00:00:58.0139 4584 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/22 00:00:58.0162 4584 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/22 00:00:58.0245 4584 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/22 00:00:58.0294 4584 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/22 00:00:58.0327 4584 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/22 00:00:58.0467 4584 IntcAzAudAddService (a9d92a2d9f583892c91202502d979be1) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/22 00:00:58.0548 4584 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/22 00:00:58.0593 4584 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/22 00:00:58.0628 4584 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/22 00:00:58.0677 4584 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/22 00:00:58.0709 4584 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/22 00:00:58.0758 4584 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/22 00:00:58.0793 4584 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/22 00:00:58.0823 4584 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/22 00:00:58.0866 4584 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/22 00:00:58.0899 4584 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/22 00:00:58.0936 4584 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/22 00:00:58.0981 4584 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/22 00:00:59.0053 4584 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/22 00:00:59.0108 4584 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/22 00:00:59.0139 4584 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/22 00:00:59.0164 4584 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/22 00:00:59.0196 4584 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/22 00:00:59.0224 4584 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/22 00:00:59.0287 4584 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys
2011/04/22 00:00:59.0394 4584 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/22 00:00:59.0435 4584 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/22 00:00:59.0469 4584 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/22 00:00:59.0529 4584 MODEMCSA (25483f9d590d5f00bd951e1181453ec2) C:\Windows\system32\drivers\MODEMCSA.sys
2011/04/22 00:00:59.0566 4584 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/22 00:00:59.0605 4584 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/22 00:00:59.0655 4584 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/22 00:00:59.0679 4584 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/22 00:00:59.0716 4584 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/22 00:00:59.0748 4584 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/22 00:00:59.0782 4584 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/22 00:00:59.0839 4584 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/22 00:00:59.0869 4584 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/22 00:00:59.0896 4584 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/22 00:00:59.0931 4584 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/22 00:00:59.0960 4584 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/22 00:01:00.0012 4584 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/22 00:01:00.0041 4584 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/22 00:01:00.0060 4584 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/22 00:01:00.0115 4584 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/22 00:01:00.0147 4584 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/22 00:01:00.0171 4584 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/22 00:01:00.0197 4584 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/22 00:01:00.0235 4584 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/22 00:01:00.0267 4584 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/22 00:01:00.0299 4584 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/22 00:01:00.0324 4584 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/22 00:01:00.0374 4584 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/22 00:01:00.0429 4584 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/22 00:01:00.0466 4584 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/22 00:01:00.0502 4584 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/22 00:01:00.0534 4584 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/22 00:01:00.0567 4584 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/22 00:01:00.0593 4584 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/22 00:01:00.0626 4584 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/22 00:01:00.0658 4584 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/22 00:01:01.0048 4584 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/04/22 00:01:01.0178 4584 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/22 00:01:01.0260 4584 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/22 00:01:01.0287 4584 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/22 00:01:01.0338 4584 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/22 00:01:01.0368 4584 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/22 00:01:01.0564 4584 nvlddmkm (05200c3a9b1370aa2d8c99f1a464168b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/22 00:01:01.0728 4584 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/22 00:01:01.0762 4584 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/22 00:01:01.0795 4584 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/22 00:01:01.0828 4584 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/22 00:01:01.0907 4584 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/22 00:01:01.0939 4584 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/22 00:01:01.0970 4584 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/22 00:01:01.0995 4584 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/22 00:01:02.0025 4584 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/22 00:01:02.0054 4584 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/22 00:01:02.0075 4584 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/22 00:01:02.0121 4584 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/22 00:01:02.0213 4584 PID_0920 (a937c4e37c0c1003ce5fca1e5e103fdc) C:\Windows\system32\DRIVERS\LV532AV.SYS
2011/04/22 00:01:02.0289 4584 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/22 00:01:02.0319 4584 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/22 00:01:02.0380 4584 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/22 00:01:02.0446 4584 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
2011/04/22 00:01:02.0513 4584 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/22 00:01:02.0561 4584 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/22 00:01:02.0588 4584 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/22 00:01:02.0620 4584 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/22 00:01:02.0688 4584 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/22 00:01:02.0727 4584 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/22 00:01:02.0759 4584 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/22 00:01:02.0786 4584 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/22 00:01:02.0816 4584 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/22 00:01:02.0841 4584 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/22 00:01:02.0861 4584 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/22 00:01:02.0913 4584 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/22 00:01:02.0958 4584 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/22 00:01:02.0995 4584 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/22 00:01:03.0035 4584 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/22 00:01:03.0070 4584 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/22 00:01:03.0139 4584 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/22 00:01:03.0209 4584 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/22 00:01:03.0273 4584 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/04/22 00:01:03.0328 4584 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/04/22 00:01:03.0359 4584 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/04/22 00:01:03.0392 4584 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/04/22 00:01:03.0430 4584 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/04/22 00:01:03.0461 4584 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/04/22 00:01:03.0498 4584 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/04/22 00:01:03.0542 4584 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/04/22 00:01:03.0579 4584 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/22 00:01:03.0633 4584 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/22 00:01:03.0669 4584 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/22 00:01:03.0719 4584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/22 00:01:03.0779 4584 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/04/22 00:01:03.0825 4584 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/22 00:01:03.0853 4584 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/22 00:01:03.0893 4584 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/22 00:01:03.0937 4584 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/22 00:01:03.0972 4584 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/22 00:01:04.0008 4584 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/22 00:01:04.0042 4584 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/22 00:01:04.0137 4584 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/04/22 00:01:04.0192 4584 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/04/22 00:01:04.0245 4584 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/04/22 00:01:04.0268 4584 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/04/22 00:01:04.0331 4584 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/22 00:01:04.0377 4584 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/22 00:01:04.0413 4584 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/22 00:01:04.0462 4584 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/22 00:01:04.0547 4584 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
2011/04/22 00:01:04.0604 4584 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/22 00:01:04.0678 4584 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/04/22 00:01:04.0716 4584 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/22 00:01:04.0748 4584 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/22 00:01:04.0799 4584 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/22 00:01:04.0838 4584 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/22 00:01:04.0880 4584 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/22 00:01:04.0915 4584 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/22 00:01:04.0944 4584 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/22 00:01:05.0036 4584 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/22 00:01:05.0100 4584 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/22 00:01:05.0137 4584 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/22 00:01:05.0170 4584 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/22 00:01:05.0201 4584 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/22 00:01:05.0228 4584 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/22 00:01:05.0252 4584 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/22 00:01:05.0363 4584 truecrypt (aceb4f4f83b895e15c8c1a2f55009783) C:\Windows\system32\drivers\truecrypt.sys
2011/04/22 00:01:05.0401 4584 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/22 00:01:05.0465 4584 TTCinergyT2 (a4a06dda70c8e7439c08b501408ad9d7) C:\Windows\system32\drivers\TTCinergyT2BDA.sys
2011/04/22 00:01:05.0528 4584 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/22 00:01:05.0556 4584 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/22 00:01:05.0586 4584 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/22 00:01:05.0642 4584 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/22 00:01:05.0684 4584 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/22 00:01:05.0722 4584 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/22 00:01:05.0793 4584 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/22 00:01:05.0856 4584 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/22 00:01:05.0890 4584 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/22 00:01:05.0925 4584 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/22 00:01:05.0948 4584 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/22 00:01:06.0005 4584 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/22 00:01:06.0035 4584 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/22 00:01:06.0075 4584 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/22 00:01:06.0146 4584 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/22 00:01:06.0176 4584 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/22 00:01:06.0201 4584 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/22 00:01:06.0256 4584 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/22 00:01:06.0297 4584 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/22 00:01:06.0328 4584 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/22 00:01:06.0366 4584 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/22 00:01:06.0405 4584 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/22 00:01:06.0441 4584 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/22 00:01:06.0476 4584 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/22 00:01:06.0522 4584 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/22 00:01:06.0556 4584 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/22 00:01:06.0575 4584 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/22 00:01:06.0605 4584 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/22 00:01:06.0630 4584 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/22 00:01:06.0691 4584 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/04/22 00:01:06.0759 4584 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/04/22 00:01:06.0789 4584 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/04/22 00:01:06.0838 4584 vpcuxd (f49c0d1f8dae860ee47e5f34ac0f6008) C:\Windows\system32\DRIVERS\vpcuxd.sys
2011/04/22 00:01:06.0903 4584 vpcvmm (5ed378d91e32134f3c0b3810860ffd71) C:\Windows\system32\drivers\vpcvmm.sys
2011/04/22 00:01:06.0952 4584 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/22 00:01:06.0984 4584 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/22 00:01:07.0045 4584 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/22 00:01:07.0089 4584 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 00:01:07.0102 4584 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 00:01:07.0169 4584 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/22 00:01:07.0199 4584 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/22 00:01:07.0279 4584 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/22 00:01:07.0310 4584 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/22 00:01:07.0408 4584 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/22 00:01:07.0449 4584 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/22 00:01:07.0511 4584 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/22 00:01:07.0590 4584 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/22 00:01:07.0634 4584 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/22 00:01:07.0766 4584 ================================================================================
2011/04/22 00:01:07.0766 4584 Scan finished
2011/04/22 00:01:07.0766 4584 ================================================================================

Alt 22.04.2011, 12:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.04.2011, 13:28   #11
brote
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-04-21.04 - Benjamin 22.04.2011  13:17:00.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2046.1331 [GMT 2:00]
ausgeführt von:: c:\users\Benjamin\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hpeA454.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-22 bis 2011-04-22  ))))))))))))))))))))))))))))))
.
.
2011-04-22 11:22 . 2011-04-22 11:23	--------	d-----w-	c:\users\Benjamin\AppData\Local\temp
2011-04-22 11:22 . 2011-04-22 11:22	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-04-22 11:22 . 2011-04-22 11:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-22 11:22 . 2011-04-22 11:22	--------	d-----w-	c:\users\Benjamin2\AppData\Local\temp
2011-04-21 16:47 . 2011-04-21 16:47	--------	d-----w-	c:\program files\CCleaner
2011-04-21 15:08 . 2011-04-21 15:08	--------	d-----w-	c:\users\Benjamin2\AppData\Roaming\Malwarebytes
2011-04-21 14:51 . 2011-04-21 14:51	--------	d--h--w-	c:\users\Benjamin\AppData\Roaming\Malwarebytes
2011-04-21 14:51 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 14:51 . 2011-04-21 14:51	--------	d--h--w-	c:\programdata\Malwarebytes
2011-04-21 14:51 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-11 17:08 . 1999-12-17 06:13	86016	----a-w-	c:\windows\unvise32.exe
2011-04-08 16:28 . 2011-04-08 16:28	218688	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-08 16:28 . 2011-04-08 16:28	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2011-04-08 16:27 . 2011-04-08 16:31	--------	d--h--w-	c:\users\Benjamin\AppData\Roaming\DAEMON Tools Lite
2011-04-08 16:27 . 2011-04-08 16:27	--------	d--h--w-	c:\programdata\DAEMON Tools Lite
2011-04-03 16:29 . 2011-04-14 12:20	--------	d--h--w-	c:\programdata\VirtualizedApplications
2011-04-03 14:18 . 2011-04-03 14:18	--------	d--h--w-	c:\users\Benjamin\AppData\Local\SoftGrid Client
2011-04-03 14:17 . 2011-04-21 12:57	--------	d--h--w-	c:\users\Benjamin\AppData\Roaming\SoftGrid Client
2011-04-03 14:16 . 2011-04-04 04:00	--------	d-----w-	c:\program files\Microsoft Application Virtualization Client
2011-04-03 14:15 . 2011-04-03 14:19	--------	d--h--w-	c:\users\Benjamin\AppData\Roaming\TP
2011-03-29 17:38 . 2011-03-29 18:34	--------	d--h--w-	c:\users\Benjamin\AppData\Roaming\Ventrilo
2011-03-27 23:11 . 2011-03-27 23:11	--------	d--h--w-	c:\users\Benjamin\AppData\Roaming\Hi-Rez Studios
2011-03-27 23:11 . 2011-04-21 16:15	--------	d--h--w-	c:\programdata\Hi-Rez Studios
2011-03-27 16:51 . 2011-03-27 16:51	--------	d--h--w-	c:\users\Benjamin\AppData\Local\CrashRpt
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 14:55 . 2011-03-18 14:55	8464	----a-w-	c:\windows\system32\SpOrder.dll
2011-02-19 05:33 . 2011-03-09 11:49	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 11:49	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 11:49	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-11 06:54 . 2011-03-08 14:02	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AB3F3FA-78B9-403F-8353-EDCC065B3D7D}\mpengine.dll
2011-02-03 05:45 . 2011-02-10 16:30	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2010-01-22 15:42	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"Malwarebytes' Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Benjamin2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-15 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	d:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
2010-12-16 12:22	54664	----a-w-	d:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39	1164584	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 16:32	155648	----a-w-	d:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 16:31	61440	----a-w-	d:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 15:54	127022	----a-w-	c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-01-30 07:12	13605408	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-01-30 07:12	92704	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
2002-12-10 16:34	638976	----a-w-	c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2010-06-09 09:47	1689088	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-19 18:10	8452640	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenManager Pro for LCD]
2009-03-02 04:07	12080424	----a-w-	d:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14	1173504	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-03 14:44	15028104	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 13:46	1458176	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17	434176	----a-w-	d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-31 198656]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-07-29 13224]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 TTCinergyT2;TerraTec Cinergy T² (BDA);c:\windows\system32\drivers\TTCinergyT2BDA.sys [2005-10-06 22528]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-27 1343400]
R4 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-08 218688]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacom\x86\novacomd.exe [2010-01-12 33792]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 WTGService;WTGService;d:\program files\Verbindungsassistent\wtgservice.exe [2010-09-11 329168]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-07-29 27632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = localhost;*.local
IE: Read with DeskBot - d:\program files\BellCraft.com\DeskBot\DeskBot.htm
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\os8yk4py.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-lxczbmgr - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-22  13:27:29
ComboFix-quarantined-files.txt  2011-04-22 11:27
.
Vor Suchlauf: 1.971.699.712 Bytes frei
Nach Suchlauf: 1.875.353.600 Bytes frei
.
- - End Of File - - 685935A3513C5C27133132C52E515F31
         
--- --- ---

Alt 22.04.2011, 13:38   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Standard

TR/kazy.mekml, Festplatte beschädigt, Dateien weg



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu TR/kazy.mekml, Festplatte beschädigt, Dateien weg
anti-malware, appdata, avgntflt.sys, avira, beschädigt, bluescreen, dateien, dateien weg, desktop, explorer, festplatte, festplatte beschädigt, hallo zusammen, hängt, infiziert, install.exe, kazy.mekml, langs, location, logfile, löschen, microsoft, mozilla thunderbird, nicht gefunden, nvlddmkm.sys, oldtimer, otl.exe, rechner, regedit.exe, remote control, richtlinie, saver, schattenkopien, sched.exe, searchplugins, shell, shell32.dll, software, start menu, taskhost.exe, temp, trojan.fakealert, trojan.zbotr.gen, trojaner, version, video converter, webcheck, windows, windows 7



Ähnliche Themen: TR/kazy.mekml, Festplatte beschädigt, Dateien weg


  1. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 16.02.2018 (27)
  2. Festplatte Cluster beschädigt/Windows Xp Recovery/FakeAlert vermutlich TR/Kazy.mekml1
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (1)
  3. Trojaner Kazy.mekml / kein zugriff mehr auf die Festplatte
    Plagegeister aller Art und deren Bekämpfung - 06.05.2011 (17)
  4. TR/Kazy.mekml.1 - Festplatte beschädigt, Datein versteckt
    Log-Analyse und Auswertung - 04.05.2011 (11)
  5. TR/Kazy.mekml.1 Infektion, dateien weg, festplatte beschädigt!
    Log-Analyse und Auswertung - 02.05.2011 (18)
  6. TR/Kazy.mekml.1 - Festplattenfehler, Dateien versteckt
    Log-Analyse und Auswertung - 02.05.2011 (27)
  7. Festplatte beschädigt. Private Daten sind in Gefahr. AntiVir Fund: TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (16)
  8. TR/Kazy.mekml.1, Festplatte beschädigt, Dateien nicht sichtbar
    Log-Analyse und Auswertung - 29.04.2011 (7)
  9. TR/Kazy.mekml.1 Festplatte C und D leer
    Log-Analyse und Auswertung - 29.04.2011 (23)
  10. Windows Securtiy Alert. Virus. Festplatte beschädigt. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (8)
  11. TR/Kazy.mekml.1 - Festplatte beschädigt. Das System hat ein Problem mit...
    Log-Analyse und Auswertung - 28.04.2011 (6)
  12. TR/Kazy.mekml.1, festplatten cluster beschädigt, daten nicht mehr lesbar, schwarzer hintergrund
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  13. TR/Kazy.mekml.1 - Dateien verschwunden,
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (1)
  14. TR/Kazy.mekml.1 meldet Kritischen Fehler der Festplatte
    Plagegeister aller Art und deren Bekämpfung - 27.04.2011 (15)
  15. tr/kazy.mekml.1' desktop dateien weg
    Log-Analyse und Auswertung - 25.04.2011 (1)
  16. tr kazy.mekml.1 - dateien wieder sichtbar machen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (9)
  17. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 21.04.2011 (1)

Zum Thema TR/kazy.mekml, Festplatte beschädigt, Dateien weg - Hallo zusammen! Ich habe mich hier angemeldet, weil auch mein Rechner mit dem Trojaner Kazy.mekml infiziert ist. Seitdem fehlen Dateien auf meinem Desktop, sowie auf dem restlichen Teil meiner Festplatte. - TR/kazy.mekml, Festplatte beschädigt, Dateien weg...
Archiv
Du betrachtest: TR/kazy.mekml, Festplatte beschädigt, Dateien weg auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.