Log analysis and evaluation: Post_Label_N2420US and Win32:Downloader-LWR
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.12.2011, 17:40 | #16 |
| Post_Label_N2420US and Win32:Downloader-LWR
TDSS-Killer finds one file, netr28u ( UnsignedFile.Multi.Generic ) - skipped by user
Code:
17:35:14.0629 4308 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
17:35:14.0722 4308 ============================================================
17:35:14.0722 4308 Current date / time: 2011/12/29 17:35:14.0722
17:35:14.0722 4308 SystemInfo:
17:35:14.0722 4308
17:35:14.0722 4308 OS Version: 6.0.6002 ServicePack: 2.0
17:35:14.0722 4308 Product type: Workstation
17:35:14.0722 4308 ComputerName: A-PC
17:35:14.0722 4308 UserName: a
17:35:14.0722 4308 Windows directory: C:\Windows
17:35:14.0722 4308 System windows directory: C:\Windows
17:35:14.0722 4308 Processor architecture: Intel x86
17:35:14.0722 4308 Number of processors: 4
17:35:14.0722 4308 Page size: 0x1000
17:35:14.0722 4308 Boot type: Normal boot
17:35:14.0722 4308 ============================================================
17:35:15.0112 4308 Initialize success
17:36:32.0925 5176 ============================================================
17:36:32.0925 5176 Scan started
17:36:32.0925 5176 Mode: Manual; SigCheck; TDLFS;
17:36:32.0925 5176 ============================================================
17:36:41.0739 5176 netr28u (2e812881ec96e80eae304877ed90206b) C:\Windows\system32\DRIVERS\netr28u.sys
17:36:41.0848 5176 netr28u ( UnsignedFile.Multi.Generic ) - warning
17:36:41.0848 5176 netr28u - detected UnsignedFile.Multi.Generic (1)
17:36:49.0414 5176 ============================================================
17:36:49.0414 5176 Scan finished
17:36:49.0414 5176 ============================================================
17:36:49.0414 6116 Detected object count: 1
17:36:49.0414 6116 Actual detected object count: 1
17:38:05.0574 6116 netr28u ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:05.0574 6116 netr28u ( UnsignedFile.Multi.Generic ) - User select action: Skip
29.12.2011, 21:30 | #17 |
| Post_Label_N2420US and Win32:Downloader-LWR Apart from that, I have already run SUPERAntiSpyware and aswMBR.
__________________
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 12/29/2011 bei 08:46 PM

Version der Applikation : 5.0.1142

Version der Kern-Datenbank : 8089
Version der Spur-Datenbank : 5901

Scan Art : Schneller Scann
Totale Scann-Zeit : 00:03:44

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Gescannte Speicherelemente : 734
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 30087
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 7545
Erfasste Datei-Elemente : 0

Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-29 19:21:51
-----------------------------
19:21:51.504 OS Version: Windows 6.0.6002 Service Pack 2
19:21:51.504 Number of processors: 4 586 0x1707
19:21:51.504 ComputerName: A-PC UserName: a
19:22:01.706 Initialize success
19:22:01.815 AVAST engine defs: 11122900
19:22:20.177 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:22:20.177 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
19:22:20.177 Disk 0 MBR read successfully
19:22:20.177 Disk 0 MBR scan
19:22:20.192 Disk 0 Windows VISTA default MBR code
19:22:20.208 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 933377 MB offset 2048
19:22:20.208 Disk 0 Partition - 00 0F Extended LBA 20489 MB offset 1911558222
19:22:20.223 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20489 MB offset 1911558285
19:22:20.239 Disk 0 scanning sectors +1953520065
19:22:20.286 Disk 0 scanning C:\Windows\system32\drivers
19:22:25.387 Service scanning
19:22:26.760 Modules scanning
19:22:30.005 Disk 0 trace - called modules:
19:22:30.020 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:22:30.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b1d968]
19:22:30.036 3 CLASSPNP.SYS[8c19f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86775030]
19:22:32.703 AVAST engine scan C:\Windows
19:22:39.521 AVAST engine scan C:\Windows\system32
19:24:08.253 AVAST engine scan C:\Windows\system32\drivers
19:24:39.578 AVAST engine scan C:\Users\a
20:00:34.110 AVAST engine scan C:\ProgramData
20:03:27.847 Scan finished successfully
20:31:27.218 Disk 0 MBR has been saved successfully to "C:\Users\a\Desktop\MBR.dat"
20:31:27.234 The log file has been saved successfully to "C:\Users\a\Desktop\aswMBR.txt" |
30.12.2011, 00:02 | #18 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Post_Label_N2420US and Win32:Downloader-LWR Quote:
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
30.12.2011, 11:22 | #19 |
| Post_Label_N2420US and Win32:Downloader-LWR After ComboFix ran, a bluescreen occurred and the computer was restarted; Windows reported an unexpected shutdown. I took the ComboFix text from C:\combofix Code:
|
30.12.2011, 18:47 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Post_Label_N2420US and Win32:Downloader-LWR OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post log files in CODE tags |
30.12.2011, 22:04 | #21 |
| Post_Label_N2420US and Win32:Downloader-LWR OSAM log: Code:
- (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {6E5B18CB-0EB6-4461-88B8-33B4683613D5} "DasÖrtliche Toolbar" - ? - C:\Program Files\Das Örtliche Toolbar\DasOertlicheToolbar.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} "T3ToolbarHelper Class" - ? - C:\Program Files\Das Örtliche Toolbar\DasOertlicheToolbar.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avast" - "AVAST Software" - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "Launcher" - "KYOCERA MITA Corporation" - C:\Program Files\Kyocera\FS-720 Utilities\KMGLNC.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "tsnpstd3" - ? - C:\Windows\tsnpstd3.exe "WrtMon.exe" - ? 
- C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "KML10001" - "KYOCERA MITA Corporation" - C:\Windows\system32\KML10001.DLL "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "TVEnhance Background Capture Service (TBCS)" (TVECapSvc) - ? - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe "TVEnhance Task Scheduler (TTS))" (TVESched) - ? 
- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-30 21:23:58
-----------------------------
21:23:58.803 OS Version: Windows 6.0.6002 Service Pack 2
21:23:58.803 Number of processors: 4 586 0x1707
21:23:58.819 ComputerName: A-PC UserName: a
21:24:02.407 Initialize success
21:24:02.735 AVAST engine defs: 11123000
21:24:18.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:24:18.678 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:24:18.927 Disk 0 MBR read successfully
21:24:18.927 Disk 0 MBR scan
21:24:18.927 Disk 0 Windows VISTA default MBR code
21:24:19.193 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 933377 MB offset 2048
21:24:19.208 Disk 0 Partition - 00 0F Extended LBA 20489 MB offset 1911558222
21:24:19.442 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20489 MB offset 1911558285
21:24:19.551 Disk 0 scanning sectors +1953520065
21:24:20.175 Disk 0 scanning C:\Windows\system32\drivers
21:25:50.967 Service scanning
21:25:52.403 Modules scanning
21:27:26.112 Disk 0 trace - called modules:
21:27:26.174 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:27:26.190 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87302438]
21:27:26.190 3 CLASSPNP.SYS[8c1a98b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86779030]
21:27:28.701 AVAST engine scan C:\Windows
21:32:08.612 AVAST engine scan C:\Windows\system32
21:54:05.299 AVAST engine scan C:\Windows\system32\drivers
21:58:37.020 Disk 0 MBR has been saved successfully to "C:\Users\a\Desktop\MBR.dat"
21:58:37.067 The log file has been saved successfully to "C:\Users\a\Desktop\aswMBR30-12-11.txt"
Thanks!!! |
30.12.2011, 22:44 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Post_Label_N2420US and Win32:Downloader-LWR Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
31.12.2011, 17:18 | #23 |
| Post_Label_N2420US and Win32:Downloader-LWR So, here are the two logs Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2011.12.31.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
a :: A-PC [Administrator]
31.12.2011 11:46:20
mbam-log-2011-12-31 (11-46-20).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368908
Laufzeit: 1 Stunde(n), 3 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com
Generiert 12/31/2011 bei 03:48 PM
Version der Applikation : 5.0.1142
Version der Kern-Datenbank : 8091
Version der Spur-Datenbank : 5903
Scan Art : kompletter Scann
Totale Scann-Zeit : 01:38:00
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator
Gescannte Speicherelemente : 669
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 38547
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 260647
Erfasste Datei-Elemente : 0
I hope that means things have gone well. Happy New Year and many, many thanks! |
01.01.2012, 14:07 | #24 |
| Post_Label_N2420US and Win32:Downloader-LWR ESET has run once more, all good Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-13 03:16:33 # local_time=2011-09-13 05:16:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 79391430 79391430 0 0 # compatibility_mode=768 16777215 100 0 308782 308782 0 0 # compatibility_mode=5892 16776573 100 100 15441 153454224 0 0 # compatibility_mode=8192 67108863 100 0 306 306 0 0 # scanned=305168 # found=0 # cleaned=0 # scan_time=5496 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-15 10:06:15 # local_time=2011-09-16 12:06:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 79575671 79575671 0 0 # compatibility_mode=768 16777215 100 0 493023 493023 0 0 # compatibility_mode=5892 16776573 100 100 199682 153638465 0 0 # compatibility_mode=8192 67108863 100 0 184547 184547 0 0 # scanned=303452 # found=3 # cleaned=0 # scan_time=18638 I:\A-PC\Backup Set 2010-03-02 133326\Backup Files 2010-03-02 133326\Backup files 1.zip multiple threats (unable to clean) 00000000000000000000000000000000 I I:\A-PC\Backup Set 2010-11-08 151038\Backup Files 2010-11-08 151038\Backup files 1.zip multiple threats (unable to clean) 00000000000000000000000000000000 I I:\A-PC\Backup Set 2010-11-08 151038\Backup Files 2011-05-05 111900\Backup files 1.zip 
HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-22 06:40:10 # local_time=2011-12-22 07:40:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=768 16777215 100 0 8961236 8961236 0 0 # compatibility_mode=5892 16776573 100 100 14333 162106678 0 0 # compatibility_mode=8192 67108863 100 0 8392593 8392593 0 0 # scanned=235493 # found=2 # cleaned=0 # scan_time=5259 C:\Users\a\AppData\Local\temp\Temp1_Post_Label_N2420US.zip\Post_Label.exe a variant of Win32/Kryptik.XUH trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\a\Desktop\Post_Label_N2420US\Post_Label.exe a variant of Win32/Kryptik.XUH trojan (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-28 06:40:35 # local_time=2011-12-28 07:40:35 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=768 16777215 100 0 9479826 9479826 0 0 # compatibility_mode=5892 16776573 100 100 4936 162625268 0 0 # compatibility_mode=8192 67108863 100 0 8911183 8911183 0 0 # scanned=238531 # found=0 # cleaned=0 # scan_time=5094 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # 
version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-28 10:29:48 # local_time=2011-12-28 11:29:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=768 16777215 100 0 9493433 9493433 0 0 # compatibility_mode=5892 16776573 100 100 18543 162638875 0 0 # compatibility_mode=8192 67108863 100 0 8924790 8924790 0 0 # scanned=238821 # found=0 # cleaned=0 # scan_time=5241 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-31 07:48:48 # local_time=2011-12-31 08:48:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=768 16777215 100 0 9748163 9748163 0 0 # compatibility_mode=5892 16776573 100 100 106886 162893605 0 0 # compatibility_mode=8192 67108863 100 0 9179520 9179520 0 0 # scanned=602 # found=0 # cleaned=0 # scan_time=50 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=64f3865ced9e534a86ddcac0eae771c3 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-31 09:09:54 # local_time=2011-12-31 10:09:54 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=768 16777215 100 0 9748529 9748529 0 0 
# compatibility_mode=5892 16776573 100 100 107252 162893971 0 0 # compatibility_mode=8192 67108863 100 0 9179886 9179886 0 0 # scanned=205045 # found=0 # cleaned=0 # scan_time=4551
Delete? Or simply leave it locked up there in safety? |
02.01.2012, 12:26 | #25 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Post_Label_N2420US and Win32:Downloader-LWR Quote:
Otherwise no further findings! Is the computer back in order, or are there still problems and/or other findings?
__________________ Please always post log files in CODE tags |
02.01.2012, 12:43 | #26 |
| Post_Label_N2420US and Win32:Downloader-LWR No, there are no more findings or detections. I now wanted to delete the tools. But when removing ComboFix I evidently made a mistake: I did not switch off my AVAST virus scanner, and while I was running combofix/uninstall it kicked in and moved some files into the sandbox. ComboFix complained immediately, I switched the virus scanner off and ran combofix/unistall once more - now it has hung: Fehler beim Schreiben :C:\32788R2FWJFW\pev.3XE Last edited by andrewJ (02.01.2012 at 13:00) |
02.01.2012, 14:11 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Post_Label_N2420US and Win32:Downloader-LWR Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages with that. Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update beforehand. Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in the future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords, if possible, now that the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Windows Update guide
Updating the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you're at it, please also check that Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be you can also download from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
02.01.2012, 14:22 | #28 | |
| Post_Label_N2420US and Win32:Downloader-LWR As I already wrote above: Quote:
|
02.01.2012, 14:33 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Post_Label_N2420US and Win32:Downloader-LWR Quote:
Correct: "combofix /uninstall" If it doesn't work even when run CORRECTLY: Please download CF_UNINST.exe and save it to your desktop.
__________________ Please always post log files in CODE tags |
02.01.2012, 20:54 | #30 |
| Post_Label_N2420US and Win32:Downloader-LWR It worked! Many thanks again! |