Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Schwarzer Bildschirm, kein Zugriff auf Festplatte

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 13.05.2011, 22:30   #1
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Hallo!
Ich habe mich eben angemeldet, weil ich ein Problem mit dem Computer habe. Das Betriebssystem ist Windows 7. Plötzlich kamen diese Meldungen:
"Kritischer Fehler. Beschädigte Festplatten-Cluster gefunden. Private Daten sind in Gefahr".
"Festplatte beschädigt. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA- Festplatten erkannt. Es wird empholen das System neu zu starten"
"Kritischer Fehler. Fehler der Festplatte RAM-Speicher Nutzung ist kritisch hoch. RAM Speicher gescheitert."
Der Bildschirm ist schwarz geworden, die Icons sind verschwunden und ich kann nicht mehr auf meine Daten zugreifen. Ich habe mich im Forum umgeschaut und ähnliche Fälle gefunden. Das ist mein Malware logfile:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6569

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.05.2011 21:41:46
mbam-log-2011-05-13 (21-41-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 229610
Laufzeit: 1 Stunde(n), 5 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vKLuVrOIsaEYCN (Rogue.Installer.Gen) -> Value: vKLuVrOIsaEYCN -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\vkluvroisaeycn.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\Local\Temp\5zklycqi.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\Local\Temp\k7gnj9eb.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\Local\Temp\tmp1565.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Lisa\AppData\LocalLow\Sun\Java\deployment\cache\6.0\22\39e1d656-17e67c7f (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\programdata\31448824.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Und das OTL.TxtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/13/2011 11:06:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lisa
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 44.43 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: LISASIHRER | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\asus\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lisa\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl3a7c6a8d) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89DF136D-E8AE-4214-A117-09D1D7610AEA}\MpKsl3a7c6a8d.sys (Microsoft Corporation)
DRV - (MpKsl4330bb19) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89DF136D-E8AE-4214-A117-09D1D7610AEA}\MpKsl4330bb19.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (asushwio) -- C:\Windows\System32\drivers\ASUSHWIO.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 15:54:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 15:53:04 | 000,000,000 | ---D | M]
 
[2010/04/10 10:55:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2011/05/05 04:02:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions
[2010/11/03 01:04:15 | 000,000,000 | -H-D | M] (Forecastfox Weather) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/04/29 16:35:04 | 000,000,000 | -H-D | M] (Winload Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011/04/29 16:35:16 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/29 16:35:02 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/04/24 06:24:17 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/24 06:24:15 | 000,000,000 | -H-D | M] (Download Statusbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/06 11:47:36 | 000,000,000 | -H-D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/29 16:35:14 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\engine@conduit.com
[2010/03/24 16:13:02 | 000,000,917 | -H-- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\88g6p2db.default\searchplugins\conduit.xml
[2011/05/11 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/08/06 06:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 15:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/15 06:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 06:32:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/05/13 22:20:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.122.1.1 71.250.0.12
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\asus\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/13 23:05:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\OTL.exe
[2011/05/13 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2011/05/13 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 20:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/13 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 20:29:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/13 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 19:05:33 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/11 09:21:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 09:21:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/05/10 19:33:14 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\4.0
[2011/05/10 19:33:10 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\.tfo4
[2011/04/27 19:25:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/27 19:24:50 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/27 19:24:49 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/27 19:24:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe
[2011/04/27 19:23:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/04/27 19:22:29 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/04/15 04:18:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/15 04:18:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/15 04:18:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/15 04:18:36 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/15 04:18:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/15 04:18:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/15 04:18:21 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/15 04:18:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/15 04:18:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/15 04:18:19 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/15 04:18:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/15 04:18:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/15 04:18:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/15 04:18:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/15 04:18:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/15 04:18:17 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/15 04:17:50 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/15 04:17:48 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/15 04:17:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/15 04:17:41 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/15 04:17:40 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2009/08/18 19:14:32 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/13 23:05:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\OTL.exe
[2011/05/13 22:31:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 22:31:10 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/13 22:28:33 | 000,656,266 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/05/13 22:28:33 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/13 22:28:33 | 000,131,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/05/13 22:28:33 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/05/13 22:23:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/13 22:23:46 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/13 22:20:02 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/05/13 20:29:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 19:05:33 | 000,000,635 | -H-- | M] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk
[2011/05/13 19:05:19 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31448824
[2011/05/08 19:26:40 | 000,000,100 | -H-- | M] () -- C:\Users\Lisa\Desktop\verkleinerer.set
[2011/04/24 06:20:53 | 000,319,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011/05/13 20:29:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 19:05:33 | 000,000,635 | -H-- | C] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk
[2011/05/13 19:05:18 | 000,000,336 | -H-- | C] () -- C:\ProgramData\31448824
[2010/06/02 13:30:40 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/05/01 15:29:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/22 18:26:06 | 000,014,336 | -H-- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 11:11:48 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2009/10/26 15:46:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/10/26 10:11:16 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2009/10/26 10:11:16 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009/10/26 10:08:53 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/10/26 10:05:52 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/07/26 03:28:45 | 000,656,266 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 03:28:45 | 000,131,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/07/26 03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,319,456 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,618,108 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,107,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
< End of report >
         
--- --- ---



Und das Extras.TxtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 5/13/2011 11:06:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lisa
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 44.43 Gb Free Space | 55.53% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: LISASIHRER | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.76
"{470F98FC-4831-4ACB-9A8C-D114ED27C120}" = LocaleMe
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"Audio Tuner" = Audio Tuner (remove only)
"Eee Docking_is1" = Eee Docking 3.6.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemSetting_is1" = SystemSetting
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/12/2010 11:46:43 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
Error - 12/22/2010 10:16:53 PM | Computer Name = LisasIhrer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf928fc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0x2c0 Startzeit der fehlerhaften Anwendung: 0x01cba0c2f30b4091 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad
des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: b49a1bb5-0e3a-11e0-9e47-e0cb4e2cc176
 
Error - 12/23/2010 3:41:45 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
Error - 12/24/2010 4:10:26 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
Error - 12/28/2010 9:02:02 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
Error - 1/19/2011 2:13:21 PM | Computer Name = LisasIhrer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.0.0.152, Zeitstempel:
0x4cb31516 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xe0fafafa Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01cbb33020606d50 Pfad der
fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften
Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: cbb8e2bf-23f7-11e0-9daf-e0cb4e2cc176
 
Error - 1/23/2011 12:52:34 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
Error - 1/27/2011 4:27:51 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
Error - 1/27/2011 5:31:17 PM | Computer Name = LisasIhrer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.exe, Version: 6.1.7600.16450,
Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: RSZShell.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x491df3d2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0cd29cf4
ID
des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung: 0x01cbbb7793cdd5e9
Pfad
der fehlerhaften Anwendung: C:\windows\Explorer.exe Pfad des fehlerhaften Moduls:
RSZShell.dll Berichtskennung: c58ecd38-2a5c-11e0-9d99-e0cb4e2cc176
 
Error - 1/30/2011 11:19:42 PM | Computer Name = LisasIhrer | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 10/14/2010 10:56:30 PM | Computer Name = LisasIhrer | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%861 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 1.91.1720.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe:
%%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
 
    Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.6201.0 Fehlercode:
0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support". 
 
Error - 10/14/2010 10:56:30 PM | Computer Name = LisasIhrer | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%861 beim Aktualisieren von Signaturen. Neue Signaturversion:
Vorherige Signaturversion: 1.91.1720.0 Aktualisierungsquelle: %%859 Aktualisierungsstufe:
%%853 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803
 
    Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.6201.0 Fehlercode:
0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
unter "Hilfe und Support". 
 
Error - 10/15/2010 7:16:37 AM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 10/16/2010 12:25:43 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 10/17/2010 12:55:42 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 10/17/2010 5:44:52 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 10/18/2010 1:08:46 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 10/19/2010 1:01:48 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
Error - 10/19/2010 5:54:11 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
 
Error - 10/19/2010 10:26:43 PM | Computer Name = LisasIhrer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
 
 
< End of report >
         
--- --- ---


Was muss ich als nächstes tun?

Alt 14.05.2011, 17:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 15.05.2011, 16:34   #3
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Ich konnte keine anderen Logfiles finden, deshalb habe ich den Vollscan nocheinmal durchführen lassen. Das ist das Ergebnis:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6585

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.05.2011 17:27:09
mbam-log-2011-05-15 (17-27-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 51099
Laufzeit: 20 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Wie kann ich die anderen Logs sehen?
__________________

Alt 15.05.2011, 16:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Hm, was willst du mit diesen komischen Toolbars auf dem Rechner? Am besten alle entfernen und bei zukünftigen Programminstallation immer die benutzerdefinierte Methode anklicken, damit man bei der Installation mögliche Toolbars abwählen kann.



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell - "" = AutoRun
O33 - MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
[2011/05/10 19:33:14 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\4.0
[2011/05/10 19:33:10 | 000,000,000 | -H-D | C] -- C:\Users\Lisa\.tfo4
[2011/05/13 19:05:19 | 000,000,336 | -H-- | M] () -- C:\ProgramData\31448824
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Alt 15.05.2011, 17:48   #5
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb65a41e-ca70-11df-9918-e0cb4e2cc176}\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd8a06b4-19c6-11e0-9e13-e0cb4e2cc176}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
C:\Users\Lisa\4.0\package folder moved successfully.
C:\Users\Lisa\4.0 folder moved successfully.
C:\Users\Lisa\.tfo4\temp folder moved successfully.
C:\Users\Lisa\.tfo4\.fontRenderer folder moved successfully.
C:\Users\Lisa\.tfo4 folder moved successfully.
C:\ProgramData\31448824 moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05152011_183558


Das ist das Log nach dem Fixen. Er hat aber keinen Neustart gemacht.


Alt 15.05.2011, 18:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Schwarzer Bildschirm, kein Zugriff auf Festplatte

Alt 15.05.2011, 18:45   #7
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Hier ist der Report:

2011/05/15 19:40:54.0892 7928 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 19:40:55.0434 7928 ================================================================================
2011/05/15 19:40:55.0435 7928 SystemInfo:
2011/05/15 19:40:55.0435 7928
2011/05/15 19:40:55.0435 7928 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/15 19:40:55.0435 7928 Product type: Workstation
2011/05/15 19:40:55.0436 7928 ComputerName: LISASIHRER
2011/05/15 19:40:55.0437 7928 UserName: Lisa
2011/05/15 19:40:55.0437 7928 Windows directory: C:\windows
2011/05/15 19:40:55.0437 7928 System windows directory: C:\windows
2011/05/15 19:40:55.0437 7928 Processor architecture: Intel x86
2011/05/15 19:40:55.0438 7928 Number of processors: 2
2011/05/15 19:40:55.0438 7928 Page size: 0x1000
2011/05/15 19:40:55.0438 7928 Boot type: Normal boot
2011/05/15 19:40:55.0438 7928 ================================================================================
2011/05/15 19:40:57.0271 7928 Initialize success
2011/05/15 19:41:02.0577 7128 ================================================================================
2011/05/15 19:41:02.0578 7128 Scan started
2011/05/15 19:41:02.0578 7128 Mode: Manual;
2011/05/15 19:41:02.0578 7128 ================================================================================
2011/05/15 19:41:03.0494 7128 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/05/15 19:41:03.0578 7128 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/05/15 19:41:03.0717 7128 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/05/15 19:41:03.0819 7128 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/05/15 19:41:03.0972 7128 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/05/15 19:41:04.0064 7128 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/05/15 19:41:04.0265 7128 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/05/15 19:41:04.0354 7128 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/05/15 19:41:04.0496 7128 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/05/15 19:41:04.0666 7128 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/05/15 19:41:04.0747 7128 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/05/15 19:41:04.0795 7128 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/05/15 19:41:04.0859 7128 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/05/15 19:41:04.0917 7128 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/05/15 19:41:05.0065 7128 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/05/15 19:41:05.0187 7128 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/05/15 19:41:05.0317 7128 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/05/15 19:41:05.0417 7128 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/05/15 19:41:05.0579 7128 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/05/15 19:41:05.0662 7128 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/05/15 19:41:05.0829 7128 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
2011/05/15 19:41:06.0005 7128 asushwio (b6b5566b24329432e0fd1e4ed15a683b) C:\windows\system32\drivers\asushwio.sys
2011/05/15 19:41:06.0221 7128 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/05/15 19:41:06.0384 7128 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/05/15 19:41:06.0538 7128 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
2011/05/15 19:41:06.0774 7128 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/05/15 19:41:06.0970 7128 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/05/15 19:41:07.0076 7128 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/05/15 19:41:07.0231 7128 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/05/15 19:41:07.0321 7128 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/05/15 19:41:07.0388 7128 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/05/15 19:41:07.0497 7128 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/05/15 19:41:07.0648 7128 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/05/15 19:41:07.0765 7128 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/05/15 19:41:07.0858 7128 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/05/15 19:41:07.0908 7128 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/05/15 19:41:08.0050 7128 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/05/15 19:41:08.0130 7128 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/05/15 19:41:08.0175 7128 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/05/15 19:41:08.0263 7128 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/05/15 19:41:08.0406 7128 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/05/15 19:41:08.0508 7128 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
2011/05/15 19:41:08.0673 7128 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
2011/05/15 19:41:08.0864 7128 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/05/15 19:41:08.0940 7128 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
2011/05/15 19:41:09.0090 7128 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/05/15 19:41:09.0199 7128 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/05/15 19:41:09.0363 7128 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/05/15 19:41:09.0457 7128 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/05/15 19:41:09.0638 7128 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/05/15 19:41:09.0721 7128 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/05/15 19:41:09.0795 7128 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/05/15 19:41:09.0921 7128 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/05/15 19:41:10.0017 7128 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/05/15 19:41:10.0183 7128 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/05/15 19:41:10.0708 7128 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/05/15 19:41:10.0891 7128 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/05/15 19:41:11.0070 7128 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/05/15 19:41:11.0203 7128 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/05/15 19:41:11.0359 7128 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/05/15 19:41:11.0662 7128 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/05/15 19:41:11.0937 7128 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/05/15 19:41:12.0095 7128 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/05/15 19:41:12.0236 7128 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/05/15 19:41:12.0377 7128 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/05/15 19:41:12.0461 7128 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/05/15 19:41:12.0634 7128 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/05/15 19:41:12.0683 7128 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/05/15 19:41:12.0731 7128 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/05/15 19:41:12.0917 7128 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/05/15 19:41:13.0047 7128 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/05/15 19:41:13.0160 7128 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/05/15 19:41:13.0347 7128 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/05/15 19:41:13.0487 7128 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/05/15 19:41:13.0762 7128 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/05/15 19:41:13.0847 7128 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/05/15 19:41:14.0057 7128 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/05/15 19:41:14.0144 7128 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/05/15 19:41:14.0227 7128 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/05/15 19:41:14.0319 7128 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/05/15 19:41:14.0532 7128 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/05/15 19:41:14.0708 7128 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/05/15 19:41:14.0868 7128 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/05/15 19:41:15.0003 7128 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/05/15 19:41:15.0105 7128 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/05/15 19:41:15.0257 7128 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/05/15 19:41:15.0368 7128 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
2011/05/15 19:41:15.0733 7128 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/05/15 19:41:16.0064 7128 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/05/15 19:41:16.0275 7128 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
2011/05/15 19:41:16.0539 7128 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/05/15 19:41:16.0620 7128 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/05/15 19:41:16.0772 7128 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/05/15 19:41:16.0868 7128 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/05/15 19:41:17.0010 7128 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/05/15 19:41:17.0081 7128 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/05/15 19:41:17.0214 7128 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/05/15 19:41:17.0290 7128 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/05/15 19:41:17.0424 7128 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/05/15 19:41:17.0537 7128 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/05/15 19:41:17.0692 7128 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
2011/05/15 19:41:17.0774 7128 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/05/15 19:41:17.0854 7128 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/05/15 19:41:18.0015 7128 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
2011/05/15 19:41:18.0162 7128 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/05/15 19:41:18.0345 7128 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/05/15 19:41:18.0414 7128 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/05/15 19:41:18.0513 7128 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/05/15 19:41:18.0585 7128 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/05/15 19:41:18.0761 7128 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/05/15 19:41:18.0945 7128 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/05/15 19:41:19.0040 7128 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/05/15 19:41:19.0207 7128 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/05/15 19:41:19.0297 7128 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/05/15 19:41:19.0453 7128 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/05/15 19:41:19.0564 7128 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/05/15 19:41:19.0700 7128 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/05/15 19:41:19.0940 7128 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
2011/05/15 19:41:20.0055 7128 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/05/15 19:41:20.0421 7128 MpKsl78d785e3 (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55E50FA0-CF29-450A-BC25-04E7FC49D8BD}\MpKsl78d785e3.sys
2011/05/15 19:41:20.0710 7128 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/05/15 19:41:20.0788 7128 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/05/15 19:41:20.0935 7128 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/05/15 19:41:21.0036 7128 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/05/15 19:41:21.0186 7128 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/05/15 19:41:21.0270 7128 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/05/15 19:41:21.0397 7128 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/05/15 19:41:21.0470 7128 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/05/15 19:41:21.0647 7128 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/05/15 19:41:21.0719 7128 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/05/15 19:41:21.0776 7128 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/05/15 19:41:21.0949 7128 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/05/15 19:41:22.0132 7128 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/05/15 19:41:22.0177 7128 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/05/15 19:41:22.0273 7128 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/05/15 19:41:22.0429 7128 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/05/15 19:41:22.0480 7128 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/05/15 19:41:22.0538 7128 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/05/15 19:41:22.0673 7128 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/05/15 19:41:22.0758 7128 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/05/15 19:41:22.0915 7128 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/05/15 19:41:23.0072 7128 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/05/15 19:41:23.0150 7128 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/05/15 19:41:23.0210 7128 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/05/15 19:41:23.0342 7128 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/05/15 19:41:23.0408 7128 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/05/15 19:41:23.0545 7128 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/05/15 19:41:23.0624 7128 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/05/15 19:41:23.0853 7128 netr28 (596e25b4631df2be98fd2bade8bcc625) C:\windows\system32\DRIVERS\netr28.sys
2011/05/15 19:41:24.0069 7128 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/05/15 19:41:24.0174 7128 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/15 19:41:24.0347 7128 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/05/15 19:41:24.0439 7128 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/05/15 19:41:24.0564 7128 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
2011/05/15 19:41:24.0737 7128 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/05/15 19:41:24.0832 7128 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
2011/05/15 19:41:24.0965 7128 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
2011/05/15 19:41:25.0059 7128 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/05/15 19:41:25.0205 7128 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/05/15 19:41:25.0325 7128 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/05/15 19:41:25.0378 7128 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/05/15 19:41:25.0503 7128 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/05/15 19:41:25.0607 7128 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/05/15 19:41:25.0665 7128 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/05/15 19:41:25.0822 7128 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/05/15 19:41:25.0881 7128 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/05/15 19:41:25.0957 7128 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/05/15 19:41:26.0332 7128 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/05/15 19:41:26.0399 7128 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/05/15 19:41:26.0591 7128 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/05/15 19:41:26.0705 7128 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/05/15 19:41:26.0914 7128 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/05/15 19:41:26.0993 7128 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/05/15 19:41:27.0051 7128 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/05/15 19:41:27.0193 7128 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/05/15 19:41:27.0310 7128 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/05/15 19:41:27.0471 7128 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/05/15 19:41:27.0529 7128 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/05/15 19:41:27.0608 7128 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/05/15 19:41:27.0761 7128 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/05/15 19:41:27.0880 7128 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/05/15 19:41:28.0032 7128 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/05/15 19:41:28.0118 7128 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/05/15 19:41:28.0190 7128 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/05/15 19:41:28.0328 7128 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/05/15 19:41:28.0458 7128 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/05/15 19:41:28.0684 7128 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/05/15 19:41:28.0797 7128 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/05/15 19:41:28.0974 7128 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/05/15 19:41:29.0181 7128 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/05/15 19:41:29.0292 7128 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/05/15 19:41:29.0437 7128 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/05/15 19:41:29.0585 7128 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/05/15 19:41:29.0725 7128 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/05/15 19:41:29.0788 7128 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/05/15 19:41:29.0953 7128 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/05/15 19:41:30.0020 7128 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/05/15 19:41:30.0114 7128 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/05/15 19:41:30.0200 7128 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/05/15 19:41:30.0326 7128 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/05/15 19:41:30.0425 7128 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/05/15 19:41:30.0630 7128 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/05/15 19:41:30.0873 7128 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/05/15 19:41:30.0946 7128 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/05/15 19:41:31.0008 7128 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/05/15 19:41:31.0173 7128 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/05/15 19:41:31.0279 7128 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/05/15 19:41:31.0462 7128 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
2011/05/15 19:41:31.0661 7128 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/05/15 19:41:31.0886 7128 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/05/15 19:41:32.0061 7128 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/05/15 19:41:32.0201 7128 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/05/15 19:41:32.0330 7128 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/05/15 19:41:32.0424 7128 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/05/15 19:41:32.0633 7128 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/05/15 19:41:32.0840 7128 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/05/15 19:41:32.0997 7128 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/05/15 19:41:33.0078 7128 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/05/15 19:41:33.0155 7128 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/05/15 19:41:33.0369 7128 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/05/15 19:41:33.0453 7128 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/05/15 19:41:33.0627 7128 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/05/15 19:41:33.0757 7128 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/05/15 19:41:33.0889 7128 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/05/15 19:41:33.0970 7128 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/05/15 19:41:34.0091 7128 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/05/15 19:41:34.0221 7128 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/05/15 19:41:34.0332 7128 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/05/15 19:41:34.0439 7128 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\drivers\USBSTOR.SYS
2011/05/15 19:41:34.0551 7128 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/05/15 19:41:34.0679 7128 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/05/15 19:41:34.0845 7128 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/05/15 19:41:34.0955 7128 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/05/15 19:41:35.0077 7128 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/05/15 19:41:35.0197 7128 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/05/15 19:41:35.0309 7128 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/05/15 19:41:35.0404 7128 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/05/15 19:41:35.0467 7128 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/05/15 19:41:35.0529 7128 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/05/15 19:41:35.0655 7128 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/05/15 19:41:35.0774 7128 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/05/15 19:41:35.0910 7128 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/05/15 19:41:36.0024 7128 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/05/15 19:41:36.0154 7128 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/05/15 19:41:36.0323 7128 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/05/15 19:41:36.0431 7128 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/05/15 19:41:36.0571 7128 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/05/15 19:41:36.0644 7128 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/05/15 19:41:36.0786 7128 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/05/15 19:41:36.0889 7128 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/05/15 19:41:37.0191 7128 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/05/15 19:41:37.0320 7128 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/05/15 19:41:37.0635 7128 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/05/15 19:41:37.0814 7128 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/05/15 19:41:37.0932 7128 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/05/15 19:41:38.0067 7128 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/05/15 19:41:38.0259 7128 ================================================================================
2011/05/15 19:41:38.0260 7128 Scan finished
2011/05/15 19:41:38.0260 7128 ================================================================================

Alt 15.05.2011, 19:19   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Alt 15.05.2011, 19:58   #9
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Wie deaktiviere ich antivirus: Microsoft Security Essentials und antispyware Microsoft Security Essentials?

Alt 15.05.2011, 20:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Es ist dir ausdrücklich erlaubt, solche einfachen Sachen selbst zu recherchieren
Unter Einstellungen den oberen Haken rausnehmen (Echtzeitschutz)


Alt 16.05.2011, 02:52   #11
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-15.03 - Lisa 16.05.2011   3:11.1.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.2039.1170 [GMT 2:00]
ausgeführt von:: c:\users\Lisa\Desktop\cofi.exe.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Lisa\OTL.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-16 bis 2011-05-16  ))))))))))))))))))))))))))))))
.
.
2011-05-16 01:42 . 2011-05-16 01:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-15 16:35 . 2011-05-15 16:35	--------	d-----w-	C:\_OTL
2011-05-13 18:29 . 2011-05-13 18:29	--------	d-----w-	c:\users\Lisa\AppData\Roaming\Malwarebytes
2011-05-13 18:29 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 18:29 . 2011-05-13 18:29	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-13 18:29 . 2011-05-13 18:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-13 18:29 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-11 13:53 . 2011-04-14 16:26	711672	----a-w-	c:\program files\Mozilla Firefox\helper.exe
2011-05-11 13:53 . 2011-04-14 16:26	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-11 13:53 . 2011-04-14 16:25	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-11 13:53 . 2011-04-14 16:25	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-11 13:53 . 2011-04-14 16:25	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-11 13:53 . 2011-04-14 16:25	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-11 13:53 . 2011-04-14 16:25	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-11 13:53 . 2010-01-01 08:00	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 13:53 . 2010-01-01 08:00	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-11 07:21 . 2011-04-09 06:13	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-05-11 07:21 . 2011-04-09 06:13	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-27 17:25 . 2011-02-18 05:33	31232	----a-w-	c:\windows\system32\prevhost.exe
2011-04-27 17:24 . 2011-03-11 05:44	143744	----a-w-	c:\windows\system32\drivers\nvstor.sys
2011-04-27 17:24 . 2011-03-11 05:44	1210240	----a-w-	c:\windows\system32\drivers\ntfs.sys
2011-04-27 17:24 . 2011-03-11 05:44	117120	----a-w-	c:\windows\system32\drivers\nvraid.sys
2011-04-27 17:24 . 2011-03-11 05:43	80256	----a-w-	c:\windows\system32\drivers\amdsata.sys
2011-04-27 17:24 . 2011-03-11 05:39	1686016	----a-w-	c:\windows\system32\esent.dll
2011-04-27 17:24 . 2011-03-11 05:44	146304	----a-w-	c:\windows\system32\drivers\storport.sys
2011-04-27 17:24 . 2011-03-11 05:43	332160	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2011-04-27 17:24 . 2011-03-11 05:43	22400	----a-w-	c:\windows\system32\drivers\amdxata.sys
2011-04-27 17:24 . 2011-03-11 05:37	74240	----a-w-	c:\windows\system32\fsutil.exe
2011-04-27 17:23 . 2011-03-12 11:31	442880	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-27 17:22 . 2011-02-26 05:33	2614784	----a-w-	c:\windows\explorer.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 05:40 . 2011-04-15 02:17	1137664	----a-w-	c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-15 02:17	1164288	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-15 02:17	740864	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 02:18	132608	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 02:18	28672	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 02:17	2331136	----a-w-	c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-15 02:17	288256	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-15 02:18	981504	----a-w-	c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-15 02:18	44544	----a-w-	c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-15 02:18	386048	----a-w-	c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-15 02:18	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-02-23 05:06 . 2011-04-15 02:18	311296	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-15 02:18	309760	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-15 02:18	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-15 02:17	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-15 02:17	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-15 02:17	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-15 02:17	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-02-19 05:33 . 2011-03-09 04:04	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 04:04	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 04:04	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-04-15 02:18	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-15 02:18	294912	----a-w-	c:\windows\system32\atmfd.dll
2011-02-18 05:36 . 2011-04-15 02:18	428032	----a-w-	c:\windows\system32\vbscript.dll
2011-04-14 16:26 . 2011-05-11 13:53	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24	2736736	----a-w-	c:\program files\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"PDFPrint"="c:\users\Lisa\Downloads\PDF24\pdf24.exe" [2010-12-14 216456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 MpKsl3d69d22b;MpKsl3d69d22b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2364BB9-7D04-4D43-9424-BA14B0398E10}\MpKsl3d69d22b.sys [x]
R1 MpKslee86f52e;MpKslee86f52e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{645E8158-4B5F-4626-9DD0-AEC15A0DF0BB}\MpKslee86f52e.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-09-11 626688]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 MpKsl4330bb19;MpKsl4330bb19;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89DF136D-E8AE-4214-A117-09D1D7610AEA}\MpKsl4330bb19.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*NewlyCreated* - MPKSL3695926B
*NewlyCreated* - MPKSL78D785E3
*Deregistered* - klmd25
*Deregistered* - MpKsl3695926b
*Deregistered* - MpKsl78d785e3
*Deregistered* - MpNWMon
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\88g6p2db.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-16  03:48:32
ComboFix-quarantined-files.txt  2011-05-16 01:48
.
Vor Suchlauf: 8 Verzeichnis(se), 47.230.185.472 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 47.077.879.808 Bytes frei
.
- - End Of File - - D423AF3D5F1A7358E296A05F6F5E1AB0
         
--- --- ---

Alt 16.05.2011, 12:00   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Zitat:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
hast du diese Toolbars noch nicht deinstalliert?

Alt 16.05.2011, 22:40   #13
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Ich habe sie gerade deinstalliert. Um sicher zu gehen, dass sie weg sind, habe ich noch ein OTM Log machen lassen:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 5/16/2011 11:25:48 PM - Run 4
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Lisa\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 43.80 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: LISASIHRER | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lisa\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\Asus\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lisa\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/11 15:54:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 15:53:04 | 000,000,000 | ---D | M]
 
[2010/04/10 10:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2011/05/16 23:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions
[2010/11/03 01:04:15 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/04/29 16:35:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/24 06:24:15 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/06 11:47:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/04/29 16:35:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\88g6p2db.default\extensions\engine@conduit.com
[2010/03/24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\88g6p2db.default\searchplugins\conduit.xml
[2011/05/11 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/08/06 06:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 15:55:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/15 06:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 06:32:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\LISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\88G6P2DB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/05/16 03:43:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Users\Lisa\Downloads\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -  File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.122.1.1 71.250.0.12
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/05/16 03:48:36 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/05/16 03:46:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/16 03:09:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/05/16 03:09:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/05/16 03:09:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/05/16 03:07:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/05/16 02:49:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/05/15 20:58:07 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/05/15 20:34:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/15 19:37:30 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2011/05/15 18:35:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/13 20:29:19 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2011/05/13 20:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/13 20:29:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/13 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/13 20:29:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/13 20:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/13 19:05:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/11 09:21:03 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011/05/11 09:21:02 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/04/27 19:25:15 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\prevhost.exe
[2011/04/27 19:24:50 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\esent.dll
[2011/04/27 19:24:49 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\storport.sys
[2011/04/27 19:24:48 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fsutil.exe
[2011/04/27 19:23:49 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/04/27 19:22:29 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2009/08/18 19:14:32 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011/05/16 22:30:04 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 22:30:03 | 000,009,696 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/16 22:27:42 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/05/16 22:27:42 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/05/16 22:27:42 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/05/16 22:27:42 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/05/16 22:22:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/16 22:22:40 | 1603,723,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 03:43:01 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/05/16 03:07:19 | 004,348,896 | R--- | M] () -- C:\Users\Lisa\Desktop\cofi.exe.exe
[2011/05/15 20:43:44 | 000,013,744 | ---- | M] () -- C:\Users\Lisa\Desktop\firefox - Verknüpfung.lnk
[2011/05/15 19:38:08 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2011/05/13 20:29:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 19:05:33 | 000,000,635 | ---- | M] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk
[2011/05/08 19:26:40 | 000,000,100 | ---- | M] () -- C:\Users\Lisa\Desktop\verkleinerer.set
[2011/04/24 06:20:53 | 000,319,456 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011/05/16 03:09:06 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/05/16 03:09:06 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/05/16 03:09:06 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/05/16 03:09:06 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/05/16 03:09:06 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/05/15 20:43:44 | 000,013,744 | ---- | C] () -- C:\Users\Lisa\Desktop\firefox - Verknüpfung.lnk
[2011/05/15 20:31:28 | 004,348,896 | R--- | C] () -- C:\Users\Lisa\Desktop\cofi.exe.exe
[2011/05/13 20:29:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/13 19:05:33 | 000,000,635 | ---- | C] () -- C:\Users\Lisa\Desktop\Windows 7 Recovery.lnk
[2010/06/02 13:30:40 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/05/01 15:29:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/22 18:26:06 | 000,014,336 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/10 11:11:48 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2009/10/26 10:11:16 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2009/10/26 10:11:16 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009/10/26 10:08:53 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009/10/26 10:05:52 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/07/26 03:28:45 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 03:28:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/07/26 03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,319,456 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

< End of report >
         
--- --- ---

Alt 16.05.2011, 23:00   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Alt 17.05.2011, 03:08   #15
Eich
 
Schwarzer Bildschirm, kein Zugriff auf Festplatte - Standard

Schwarzer Bildschirm, kein Zugriff auf Festplatte



GMER:GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-17 04:05:53
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: 63rbhrw0.exe; Driver: C:\Users\Lisa\AppData\Local\Temp\kxtdquow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                         81E60569 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  81E85092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[3992] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75595E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000047                                                                                       halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015aff487d1                                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015aff487d1 (not active ControlSet)                         

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Antwort

Themen zu Schwarzer Bildschirm, kein Zugriff auf Festplatte
adblock, bho, bildschirm, c:\windows\system32\rundll32.exe, computer, conduit, desktop, error, festplatte, firefox, flash player, google, install.exe, installation, location, logfile, malware, microsoft security, mozilla, oldtimer, problem, problembehandlung, realtek, registry, richtlinie, rogue.installer.gen, rundll, scan, schwarzer bildschirm, searchplugins, security, security scan, shell32.dll, software, start menu, starten, system neu, taskhost.exe, updates, webcheck, windows, windows 7 starter, winload toolbar



Ähnliche Themen: Schwarzer Bildschirm, kein Zugriff auf Festplatte


  1. Kein Zugriff auf Festplatte vom Laptop
    Netzwerk und Hardware - 01.07.2015 (9)
  2. Kein Zugriff auf Festplatte vom def. Laptop
    Netzwerk und Hardware - 07.12.2012 (9)
  3. Smart HDD, TRAgent 299008.37, schwarzer Hintergrund, kein Zugriff
    Plagegeister aller Art und deren Bekämpfung - 15.04.2012 (8)
  4. schwarzer Bildschirm, Bibliotheksordner leer, Festplatte angeblich defekt....
    Plagegeister aller Art und deren Bekämpfung - 04.03.2012 (23)
  5. externe festplatte, kein zugriff auf dateien möglich
    Log-Analyse und Auswertung - 29.12.2011 (38)
  6. Kein Zugriff auf Ordner auf externer Festplatte
    Log-Analyse und Auswertung - 02.09.2011 (4)
  7. Beschädigte Festplatte, schwarzer Bildschirm und unsichtbare Deteien
    Plagegeister aller Art und deren Bekämpfung - 26.08.2011 (3)
  8. Desktop schwarz, kein Zugriff auf Dateien von Festplatte
    Log-Analyse und Auswertung - 06.07.2011 (29)
  9. Wichtig! Schwarzer Bildschirm, festplatte beschädigt(angeblich)
    Log-Analyse und Auswertung - 15.06.2011 (32)
  10. TR/patched.gen - Kein zugriff mehr auf die Festplatte
    Plagegeister aller Art und deren Bekämpfung - 01.06.2011 (3)
  11. Trjoaner krazy / Festplatte defekt / schwarzer Desktop / keinen Zugriff auf meine Dateien
    Plagegeister aller Art und deren Bekämpfung - 25.05.2011 (3)
  12. Festplatte beschädigt, Dateien verschwunden, schwarzer Bildschirm
    Log-Analyse und Auswertung - 21.05.2011 (1)
  13. Festplatte beschädigt. Schwarzer Bildschirm.
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (23)
  14. Prblem mit Festplatte C: Kein zugriff
    Alles rund um Windows - 05.12.2010 (3)
  15. externe Festplatte, kein Zugriff
    Alles rund um Windows - 09.04.2010 (12)
  16. kein zugriff auf Festplatte möglich
    Log-Analyse und Auswertung - 24.01.2009 (0)
  17. 2. festplatte - kein zugriff mehr!!??!!
    Log-Analyse und Auswertung - 15.11.2004 (9)

Zum Thema Schwarzer Bildschirm, kein Zugriff auf Festplatte - Hallo! Ich habe mich eben angemeldet, weil ich ein Problem mit dem Computer habe. Das Betriebssystem ist Windows 7. Plötzlich kamen diese Meldungen: "Kritischer Fehler. Beschädigte Festplatten-Cluster gefunden. Private Daten - Schwarzer Bildschirm, kein Zugriff auf Festplatte...
Archiv
Du betrachtest: Schwarzer Bildschirm, kein Zugriff auf Festplatte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.