Trojaner-Board


JSBach 21.04.2011 17:03

tr/kazy.mekml.1 really gone?
 
Hello,
first of all, big praise for the forum; this is now the second time that I've been able to help myself with a Trojan using the advice here.
Annoyingly, I've also caught this tr/kazy.mekml.1. Malwarebytes removed 3 files, and unhide.exe made my hidden files visible again.
Here is the malware log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 17:11:06
mbam-log-2011-04-21 (17-11-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172986
Laufzeit: 15 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2660 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.



But I still have an uneasy feeling. Malwarebytes no longer finds anything after a complete scan, but am I really rid of the Trojan now? I'm already wondering whether a complete reinstallation of the system would be better...

Thanks in advance!

cosinus 21.04.2011 19:28

Hello

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

JSBach 21.04.2011 22:07

OK, here is the malware log after the full scan (there are no older logs):

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 22:58:38
mbam-log-2011-04-21 (22-58-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 467239
Laufzeit: 2 Stunde(n), 5 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL is next...

JSBach 21.04.2011 22:22

And OTL:
OTL Logfile:
Code:

OTL Extras logfile created on: 21.04.2011 23:09:20 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Hauke\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 192,73 Gb Free Space | 68,01% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 5,21 Gb Free Space | 35,54% Space Free | Partition Type: NTFS
 
Computer Name: HAUKE-PC | User Name: Hauke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A311581-712D-40C1-A4F2-32FE693E9A6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A3BAD9F-D07D-4F2A-A780-7D306C5DDFDB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A35FCB91-0AEA-454A-BE4E-8FF03E25862F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31122836-372E-4CC5-9D9C-3F6D4BAC7929}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3700E1D0-74F6-4390-A936-E2D4E7C16434}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4E2F1756-682A-4E0F-BBC7-56F5CCA9463C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5322D995-A0DC-468F-B778-6DE85ACEEAA1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{5348518E-EA1C-4280-BE55-899E9541BC24}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{58F8EB1E-19F5-4F20-B2B8-F463B8D50BA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5C711B42-89C9-447F-BBD0-FD691CD4BEA0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5CBECF5D-3CA4-4564-99F0-2D2815D67E35}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{81D47F6D-5F48-473A-AB9D-9F5B343E0F65}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{98EDE754-B284-43E6-A592-9F46D6657878}" = dir=in | app=c:\programme (x86)\skype\phone\skype.exe |
"{A16D907F-2E11-4F43-9A26-3E032906186F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{C3146BB5-8DE7-4483-9844-760599D3BC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C855B5F9-DAB6-41D1-9109-AAF2E68D4BAD}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{D52E6528-D4C4-4FEB-AADB-03179234AD2A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{D7FF5C5F-D306-4CFA-BA4B-9CBD438DBE88}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F9CD7967-39FE-4494-AA6A-AC0517746796}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{11C39C10-BA29-42BD-B9B4-62F5A12135CC}C:\programme (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\programme (x86)\mozilla firefox\firefox.exe |
"TCP Query User{88D4895E-D8A5-4777-B583-89041E9DFE44}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{8F01FD57-A183-4610-940F-D5BA6000E855}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{F9E34EDE-25EE-4F57-B149-F86FBA01B555}C:\programme (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\programme (x86)\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320) 
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem  (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem  (02/23/2009 7.01.0.2)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1f77d410-e11e-4ae7-a00f-873b46e592d5}" = Nero 9 Lite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{401E5DAC-CE0A-4646-9AE3-652B7A19C70E}" = EViews 5
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"GSview 4.9" = GSview 4.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2009b" = MATLAB R2009b
"MiKTeX 2.8" = MiKTeX 2.8
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.65
"Nokia PC Suite" = Nokia PC Suite
"PDF Blender" = PDF Blender
"PunkBusterSvc" = PunkBuster Services
"R for Windows 2.10.1_is1" = R for Windows 2.10.1
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.01.2011 12:10:45 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 31.01.2011 17:03:52 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 01.02.2011 11:17:52 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 01.02.2011 13:55:30 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.02.2011 03:42:23 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 02.02.2011 14:07:53 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.02.2011 04:12:15 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.02.2011 13:10:35 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.02.2011 16:19:53 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.02.2011 05:13:32 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 11.10.2010 11:09:48 | Computer Name = Hauke-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3983
 seconds with 1680 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 21.04.2011 11:13:36 | Computer Name = Hauke-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.04.2011 11:15:37 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21.04.2011 16:12:28 | Computer Name = Hauke-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.04.2011 16:12:29 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 21.04.2011 16:12:29 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

OTL Logfile:
Code:

OTL logfile created on: 21.04.2011 23:09:20 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Hauke\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 192,73 Gb Free Space | 68,01% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 5,21 Gb Free Space | 35,54% Space Free | Partition Type: NTFS
 
Computer Name: HAUKE-PC | User Name: Hauke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hauke\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd)
PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hauke\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys ()
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys ()
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys ()
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys ()
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys ()
DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys ()
DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys ()
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys ()
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys ()
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys ()
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys ()
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys ()
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys ()
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wolfram|Alpha"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.03.09 19:22:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme (x86)\Mozilla Firefox\components [2011.03.22 21:33:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme (x86)\Mozilla Firefox\plugins [2011.04.21 22:15:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.01.06 14:05:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.01.22 15:40:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2009.12.11 20:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions
[2009.12.11 20:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.15 15:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\au4d7nqc.default\extensions
[2010.10.14 12:17:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\au4d7nqc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.15 23:09:47 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\au4d7nqc.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.02.09 21:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Sunbird\Profiles\j4taif5b.default\extensions
[2010.08.07 15:53:28 | 000,002,275 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\Firefox\Profiles\au4d7nqc.default\searchplugins\wolframalpha.xml
File not found (No name found) --
[2010.10.18 12:55:22 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\HAUKE\APPDATA\ROAMING\5006
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [dplaaint]  File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Resgui]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 23:07:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hauke\Desktop\OTL.exe
[2011.04.21 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.04.21 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.04.21 22:12:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.16 10:44:26 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.16 10:44:17 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.16 10:44:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.16 10:44:06 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.16 10:44:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.16 10:43:57 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.04.16 10:43:55 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.16 10:43:51 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.04.16 10:43:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.16 10:43:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.16 10:43:49 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.16 10:43:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.04.16 10:43:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2011.04.16 10:43:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Hauke\AppData\Roaming\*.tmp files -> C:\Users\Hauke\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 23:12:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 23:12:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 23:07:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hauke\Desktop\OTL.exe
[2011.04.21 22:15:42 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.21 18:16:34 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{365E1431-7F5C-48B8-8ABD-04F685CC2C81}.job
[2011.04.21 17:38:16 | 000,002,719 | ---- | M] () -- C:\Users\Hauke\Desktop\Microsoft Office Outlook 2007.lnk
[2011.04.21 17:15:03 | 000,026,033 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.04.21 17:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 17:12:14 | 4253,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.18 21:47:51 | 001,477,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.18 21:47:51 | 000,640,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.18 21:47:51 | 000,607,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.18 21:47:51 | 000,130,854 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.18 21:47:51 | 000,108,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.17 17:29:57 | 000,388,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.09 10:29:04 | 000,006,080 | ---- | M] () -- C:\Users\Hauke\AppData\Local\d3d9caps.dat
[2011.04.07 22:38:44 | 000,053,760 | ---- | M] () -- C:\Users\Hauke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.04 19:45:31 | 000,636,324 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\NMM-MetaData.db
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Hauke\AppData\Roaming\*.tmp files -> C:\Users\Hauke\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 22:13:30 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.04.21 22:13:30 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.16 10:44:40 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011.04.16 10:44:40 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011.04.16 10:44:40 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011.04.16 10:44:31 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011.04.16 10:44:31 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011.04.16 10:44:31 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011.04.16 10:44:31 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011.04.16 10:44:30 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011.04.16 10:44:30 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011.04.16 10:44:30 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011.04.16 10:44:27 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011.04.16 10:44:27 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011.04.16 10:44:24 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011.04.16 10:44:24 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011.04.16 10:44:24 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011.04.16 10:44:24 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011.04.16 10:44:21 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011.04.16 10:44:18 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011.04.16 10:44:17 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011.04.16 10:44:15 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011.04.16 10:44:06 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011.04.16 10:44:05 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011.04.16 10:44:00 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011.04.16 10:43:57 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011.04.16 10:43:56 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011.04.16 10:43:53 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011.04.16 10:43:53 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011.04.16 10:43:52 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011.04.16 10:43:52 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011.04.16 10:43:52 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2011.04.16 10:43:51 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011.04.16 10:43:51 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011.04.16 10:43:51 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011.04.16 10:43:50 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011.04.16 10:43:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011.04.16 10:43:49 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2011.04.16 10:43:49 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011.04.16 10:43:48 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011.04.16 10:43:47 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2011.04.16 10:43:43 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011.04.16 10:43:43 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011.04.16 10:43:43 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2010.10.30 15:26:02 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010.10.30 15:26:02 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010.10.18 14:23:50 | 000,000,347 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\urhtps.dat
[2010.09.22 20:58:30 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.09.22 20:58:23 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.22 20:58:22 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.31 15:57:47 | 000,000,047 | R--- | C] () -- C:\Windows\ghdc.dat
[2010.03.09 19:56:48 | 000,636,324 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\NMM-MetaData.db
[2010.03.06 20:43:49 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.03.04 16:53:32 | 000,000,744 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\filterclsid.dat
[2010.03.02 21:57:08 | 001,457,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.02 21:55:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.03.02 21:42:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.12 20:11:31 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini
[2010.01.12 20:11:30 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.01.12 20:11:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.01.12 20:05:05 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.01.12 19:56:23 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.12.11 13:43:34 | 000,131,072 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\DataSafeDotNet.exe
[2009.12.02 12:51:15 | 000,006,080 | ---- | C] () -- C:\Users\Hauke\AppData\Local\d3d9caps.dat
[2009.09.15 20:24:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.13 18:42:46 | 000,053,760 | ---- | C] () -- C:\Users\Hauke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.27 05:43:54 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.27 05:43:52 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.27 05:43:52 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.27 05:43:52 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.27 04:08:59 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.04.30 12:52:55 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.04.30 12:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

--- --- ---

cosinus 21.04.2011 22:34

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

JSBach 22.04.2011 05:44

Hi,

I'll post all the logs in chronological order:
I think older logs were deleted by CCleaner.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 17:11:06
mbam-log-2011-04-21 (17-11-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172986
Laufzeit: 15 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2660 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 18:26:10
mbam-log-2011-04-21 (18-26-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172815
Laufzeit: 5 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 20:32:59
mbam-log-2011-04-21 (20-32-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172996
Laufzeit: 4 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 20:45:07
mbam-log-2011-04-21 (20-45-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 7912
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Hauke\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\PFW3N86G\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 22:58:38
mbam-log-2011-04-21 (22-58-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 467239
Laufzeit: 2 Stunde(n), 5 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hmm, am I really rid of the thing now?
And do AntiVir and Malwarebytes provide sufficient protection against such Trojans in the future?

cosinus 22.04.2011 12:19

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O4 - HKCU..\Run: [dplaaint]  File not found
O4 - HKCU..\Run: [Resgui]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

JSBach 22.04.2011 12:41

Done. The computer was restarted and then this log file came up:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File E:\AUTORUN.INF not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaaint not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Resgui not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hauke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 888247 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7055581 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 608764048 bytes
 
Total Files Cleaned = 588,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04222011_133459

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Windows\temp\mcafee_aV8b2hH3EN62uxJ not found!
File\Folder C:\Windows\temp\mcafee_jzgYWwUJ03GsGCc not found!
File\Folder C:\Windows\temp\mcafee_lXjITglK4NCYnpr not found!
File\Folder C:\Windows\temp\mcmsc_diK8svJPGF1dIc1 not found!
File\Folder C:\Windows\temp\mcmsc_IIjR8hHH1d928OA not found!
File\Folder C:\Windows\temp\mcmsc_lcbessBH7DFKzTd not found!
File\Folder C:\Windows\temp\mcmsc_wAsQK9NP12JX4kw not found!
File\Folder C:\Windows\temp\sqlite_1JP4WjdH05dWGkx not found!
File\Folder C:\Windows\temp\sqlite_1vIidSBnUd5FTO4 not found!
File\Folder C:\Windows\temp\sqlite_cQ06762HN53bt59 not found!
File\Folder C:\Windows\temp\sqlite_rvEtnoLD6IdDUQk not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6TJNE1R\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPGBSSSX\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0E41BM7\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FMFHHJ3\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 22.04.2011 13:33

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

JSBach 22.04.2011 15:03

I had already run unhide.exe; after that all icons etc. had reappeared. Here is the requested log:

Code:

2011/04/22 15:59:22.0914 4688        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/22 15:59:24.0172 4688        ================================================================================
2011/04/22 15:59:24.0172 4688        SystemInfo:
2011/04/22 15:59:24.0172 4688       
2011/04/22 15:59:24.0172 4688        OS Version: 6.0.6001 ServicePack: 1.0
2011/04/22 15:59:24.0172 4688        Product type: Workstation
2011/04/22 15:59:24.0172 4688        ComputerName: HAUKE-PC
2011/04/22 15:59:24.0173 4688        UserName: Hauke
2011/04/22 15:59:24.0174 4688        Windows directory: C:\Windows
2011/04/22 15:59:24.0174 4688        System windows directory: C:\Windows
2011/04/22 15:59:24.0174 4688        Running under WOW64
2011/04/22 15:59:24.0174 4688        Processor architecture: Intel x64
2011/04/22 15:59:24.0174 4688        Number of processors: 2
2011/04/22 15:59:24.0174 4688        Page size: 0x1000
2011/04/22 15:59:24.0174 4688        Boot type: Normal boot
2011/04/22 15:59:24.0174 4688        ================================================================================
2011/04/22 15:59:24.0746 4688        Initialize success
2011/04/22 15:59:27.0202 5232        ================================================================================
2011/04/22 15:59:27.0202 5232        Scan started
2011/04/22 15:59:27.0203 5232        Mode: Manual;
2011/04/22 15:59:27.0203 5232        ================================================================================
2011/04/22 16:00:02.0831 5232        volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
2011/04/22 16:00:02.0968 5232        volmgrx        (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
2011/04/22 16:00:03.0081 5232        volsnap        (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
2011/04/22 16:00:03.0211 5232        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/04/22 16:00:03.0355 5232        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/04/22 16:00:03.0481 5232        Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 16:00:03.0539 5232        Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/22 16:00:03.0689 5232        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/04/22 16:00:03.0794 5232        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/22 16:00:04.0126 5232        WmiAcpi        (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/22 16:00:04.0285 5232        WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/22 16:00:04.0453 5232        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/22 16:00:04.0596 5232        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/22 16:00:04.0802 5232        yukonx64        (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/04/22 16:00:04.0984 5232        ================================================================================
2011/04/22 16:00:04.0984 5232        Scan finished
2011/04/22 16:00:04.0984 5232        ================================================================================


JSBach 22.04.2011 21:41

Thank you, first of all. Can you say anything about my question, though?
Quote:

Malwarebytes no longer finds anything after a complete scan, but am I really rid of the Trojan now? I'm already wondering whether a complete reinstall of the system would be better...

cosinus 23.04.2011 15:22

If you absolutely want to reinstall, then do that. As a rule, a reinstall is safer/more thorough.


All times are WET +1.
