Hey,
hier die nächsten drei logs.
GMER:
[code]
GMER Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-12 11:28:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHT2060AH rev.006C
Running: ysp5hul7.exe; Driver: C:\DOKUME~1\Papa\LOKALE~1\Temp\uxldipoc.sys
---- System - GMER 1.0.15 ----
SSDT F8B61C94 ZwClose
SSDT F8B61C4E ZwCreateKey
SSDT F8B61C9E ZwCreateSection
SSDT F8B61C44 ZwCreateThread
SSDT F8B61C53 ZwDeleteKey
SSDT F8B61C5D ZwDeleteValueKey
SSDT F8B61C8F ZwDuplicateObject
SSDT F8B61C62 ZwLoadKey
SSDT F8B61C30 ZwOpenProcess
SSDT F8B61C35 ZwOpenThread
SSDT F8B61C6C ZwReplaceKey
SSDT F8B61C67 ZwRestoreKey
SSDT F8B61CA3 ZwSetContextThread
SSDT F8B61C58 ZwSetValueKey
SSDT F8B61C3F ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
Device RsFx0150.sys (RsFx Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device F30D1D20
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\DRIVERS (*** hidden *** ) [MANUAL] BOProtocol <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
--- --- ---
OSAM :
Code:
Alles auswählen Aufklappen ATTFilter
OSAM Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:33:44 on 12.08.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"ASC4_PerformanceMonitor.job" - "IObit" - C:\Programme\IObit\Advanced SystemCare 4\PMonitor.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FINDFAST.CPL" - "Microsoft Corporation" - C:\WINDOWS\system32\FINDFAST.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"mbllnk.cpl" - "AvantGo, Inc." - C:\WINDOWS\system32\mbllnk.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"BOVOLUME" (BOVOLUME) - "T-Systems Nova GmbH" - C:\PROGRA~1\T-DSLB~1\BOVOLUME.SYS
"BusinessOnline PPPoE Adapter" (BOAdapter) - "T-Systems Nova GmbH, Berkom Berlin" - C:\WINDOWS\System32\DRIVERS\BOPPPoE.sys
"BusinessOnline PPPoE Protokoll" (BOProtocol) - ? - C:\WINDOWS\System32\DRIVERS (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Papa\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - ? - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"OMCI WDM Device Driver" (OMCI) - "Dell Inc" - C:\WINDOWS\System32\DRIVERS\omci.sys
"PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Programme\T-DSL Business\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"RsFx0150 Driver" (RsFx0150) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\RsFx0150.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\WINDOWS\System32\DRIVERS\SymIM.sys (File not found)
"T-Sinus 111card Driver" (TS111) - "Deutsche Telekom AG" - C:\WINDOWS\System32\DRIVERS\TS111NDS.sys
"T-Systems Nova Packet Capture Driver" (TNPacket) - "T-Systems Nova GmbH" - C:\Programme\T-DSL SpeedManager\TNPACKET.SYS
"uxldipoc" (uxldipoc) - ? - C:\DOKUME~1\Papa\LOKALE~1\Temp\uxldipoc.sys (Hidden registry entry, rootkit activity | File not found)
"w32n5223 Protocol Driver" (w32n5223) - "Deutsche Telekon" - C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\W32N5223.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp: Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\aatp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Access 97\soa800.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\ART\OFFICE11\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=48835
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Mobilen Favoriten erstellen" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\inetrepl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft-Indexerstellung.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Access 97\FINDFAST.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Papa\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 2.3.lnk" - ? - C:\Programme\OpenOffice.org 2.3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Advanced SystemCare 4" - "IObit" - C:\Programme\IObit\Advanced SystemCare 4\ASCTray.exe
"TomTomHOME.exe" - "TomTom" - "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe"
"updateMgr" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BusinessOnline Log" - "T-Systems International GmbH" - "C:\Programme\T-DSL Business\bolog.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Advanced SystemCare Service" (AdvancedSystemCareService) - "IObit" - C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sage Verteilungsdienst" (SageDeploymentService) - "Sage Software" - C:\Programme\Gemeinsame Dateien\Sage Software Shared\Deploymentservice.exe
"SAMSUNG WiselinkPro Service" (WiselinkPro) - ? - C:\Programme\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe (File found, but it contains no detailed information)
"SQL Server (PERSONAL2010)" (MSSQL$PERSONAL2010) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL10_50.PERSONAL2010\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Symantec Core LC" (Symantec Core LC) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"TSMService" (TSMService) - "T-Systems Nova, Berkom" - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR:
Code:
Alles auswählen Aufklappen ATTFilter
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 11:35:06
-----------------------------
11:35:06.046 OS Version: Windows 5.1.2600 Service Pack 3
11:35:06.046 Number of processors: 2 586 0x401
11:35:06.062 ComputerName: HERMANN UserName: Papa
11:35:06.531 Initialize success
11:36:45.765 AVAST engine defs: 11081200
11:38:05.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:38:05.656 Disk 0 Vendor: FUJITSU_MHT2060AH 006C Size: 57231MB BusType: 3
11:38:07.703 Disk 0 MBR read successfully
11:38:07.703 Disk 0 MBR scan
11:38:07.796 Disk 0 Windows XP default MBR code
11:38:07.812 Disk 0 scanning sectors +117194175
11:38:07.968 Disk 0 scanning C:\WINDOWS\system32\drivers
11:38:34.875 Service scanning
11:38:35.390 Service BOProtocol C:\WINDOWS\system32\DRIVERS **LOCKED** 5
11:38:36.203 Modules scanning
11:38:57.750 Disk 0 trace - called modules:
11:38:57.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
11:38:57.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82365ab8]
11:38:57.843 3 CLASSPNP.SYS[f8596fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x823d74d0]
11:38:59.125 AVAST engine scan C:\WINDOWS
11:39:22.750 AVAST engine scan C:\WINDOWS\system32
11:44:07.015 AVAST engine scan C:\WINDOWS\system32\drivers
11:44:46.390 AVAST engine scan C:\Dokumente und Einstellungen\Papa
11:50:40.203 AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:51:32.656 Scan finished successfully
11:58:38.781 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Papa\Desktop\MBR.dat"
11:58:38.859 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Papa\Desktop\aswMBRlog.txt"
Grüße
12.08.2011, 11:02
Hybrid-Darstellung
