Log Analysis and Evaluation: Help with GMER logfile after Avira detection of Java script virus JS/Decdec.psc (Windows 7)
06.02.2012, 18:12 | #1
Hey folks, with all these rules I hope I'm not breaking any: I'm posting a GMER logfile because, while visiting a supposedly harmless first-names website, I got the following message from Avira:

Beginne mit der Suche in 'C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\cache\sesn\opr08LWN.tmp'
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore\DisableSR> wurde erfolgreich repariert.
C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\cache\sesn\opr08LWN.tmp
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Decdec.psc
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ce6f76b.qua' verschoben!

The GMER logfile says the following:

GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2012-02-06 18:10:26
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT BA7D6D34 ZwClose
SSDT BA7D6CEE ZwCreateKey
SSDT BA7D6D3E ZwCreateSection
SSDT BA7D6CE4 ZwCreateThread
SSDT BA7D6CF3 ZwDeleteKey
SSDT BA7D6CFD ZwDeleteValueKey
SSDT BA7D6D2F ZwDuplicateObject
SSDT BA7D6D02 ZwLoadKey
SSDT BA7D6CD0 ZwOpenProcess
SSDT BA7D6CD5 ZwOpenThread
SSDT BA7D6D0C ZwReplaceKey
SSDT BA7D6D07 ZwRestoreKey
SSDT BA7D6D43 ZwSetContextThread
SSDT BA7D6CF8 ZwSetValueKey
SSDT BA7D6CDF ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b136dc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b136dc@000fde80ae7b 0x72 0x80 0x51 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b136dc
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b136dc@000fde80ae7b 0x72 0x80 0x51 0x05 ...

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\cache\sesn\opr08UV9.tmp 43 bytes
File C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\cache\sesn\opr08UVB.tmp 42 bytes

---- EOF - GMER 1.0.15 ----

Which entries are really dangerous and how do I fix them? Many thanks in advance from a layman.

Der Radler
06.02.2012, 20:35 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Please now do a routine full scan with Malwarebytes and post the log.

Remember that Malwarebytes must be updated manually before every scan! Also, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
the log goes here
08.02.2012, 18:15 | #3
Thanks cosinus for the quick reply. I only got around to working through the steps today.

So here are the logs:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.07.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Kathrin :: KATHRINSLAPES [Administrator]

07.02.2012 20:49:51
mbam-log-2012-02-07 (20-49-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307994
Laufzeit: 49 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aa7cd301e8dc35479f577bee56ae3749
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-08 04:36:20
# local_time=2012-02-08 05:36:20 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 104516520 104516520 0 0
# compatibility_mode=1797 16775145 100 93 286722 65256277 340730 0
# compatibility_mode=8192 67108863 100 0 3806 3806 0 0
# scanned=114286
# found=0
# cleaned=0
# scan_time=3162

EDIT: I just noticed that the Malwarebytes log shows the wrong date (yesterday's) and the wrong time (3 hours ahead), even though I just ran the scan and picked the correct logfile. Does that mean anything?

Regards,
radler
09.02.2012, 11:32 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log.

Please post everything here in CODE tags where possible. It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
09.02.2012, 15:01 | #5
OK. Here is the OTL logfile.

OTL Logfile:

Code:
OTL logfile created on: 09.02.2012 14:37:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\TOOLS
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 82,02% Memory free
2,62 Gb Paging File | 2,33 Gb Available in Paging File | 88,83% Paging File free
Paging file location(s): C:\pagefile.sys 800 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 9,77 Gb Total Space | 2,74 Gb Free Space | 28,02% Space Free | Partition Type: NTFS
Drive D: | 64,75 Gb Total Space | 15,29 Gb Free Space | 23,62% Space Free | Partition Type: NTFS

Computer Name: ------- | User Name: ------- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.09 14:06:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\TOOLS\OTL.exe
PRC - [2012.02.01 22:54:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.02.01 22:54:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.07 12:20:43 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.08.07 00:44:45 | 000,151,552 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010.01.28 11:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.01.10 23:15:44 | 000,159,744 | ---- | M] () -- C:\Programme\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll
MOD - [2009.01.10 23:14:06 | 000,023,552 | ---- | M] () -- C:\Programme\FormatFactory\FFModules\Filters\Haali\mkunicode.dll
MOD - [2008.08.25 11:17:28 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.08.25 11:17:28 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2008.08.25 11:17:27 | 000,216,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2008.08.06 23:52:54 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\02f214a38464254a9b8bbe0868e2e4c5\System.Xml.ni.dll
MOD - [2008.08.06 23:52:49 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f1913c9fd594654292e49f033395523a\System.Windows.Forms.ni.dll
MOD - [2008.08.06 23:52:37 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\fea415bab77ec34093b3b06c12165ee1\System.Drawing.ni.dll
MOD - [2008.08.06 23:52:34 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4fc0ffbcf07c3442985ff17da8c15dd9\System.ni.dll
MOD - [2008.08.06 23:52:23 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\89df908a1c9c204eb4125881b0b9887d\mscorlib.ni.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012.02.01 22:54:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.01 22:54:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.08.07 00:44:45 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.02.01 22:54:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.02.01 22:54:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.15 15:23:41 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009.05.11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.07 00:44:42 | 000,211,520 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.08.07 00:44:42 | 000,082,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.08.07 00:44:42 | 000,028,896 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007.09.20 20:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.05.30 13:04:56 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.01 20:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.02.16 14:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.12.22 04:56:44 | 000,988,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 04:56:00 | 000,209,664 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 04:55:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1220945662-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-776561741-1220945662-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.web.de"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.05.21
FF - user.js..browser.search.update: false
FF - user.js..browser.startup.homepage: "www.web.de"
FF - user.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.05.21

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Programme\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Programme\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.04 15:04:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.01 17:36:19 | 000,000,000 | ---D | M]

[2008.08.06 22:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Mozilla\Extensions
[2008.08.06 22:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Mozilla\Firefox\Profiles\ku2k4wjz.default\extensions
[2010.08.30 14:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.08.25 11:17:31 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.08.24 16:14:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.14 22:12:07 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.07.14 22:12:07 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2009.07.14 22:12:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.07.14 22:12:08 | 000,000,986 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.07.14 22:12:08 | 000,000,801 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.02 20:39:35 | 000,441,758 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 15183 more lines...
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1220945662-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278248699640 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.08.06 22:04:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\Shell - "" = AutoRun
O33 - MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "gupdate1c9f6a68a773be6"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.09 00:29:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kathrin\Recent
[2012.02.08 16:40:15 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.02 20:08:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.02.02 18:53:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kathrin\Startmenü\Programme\Microsoft Bootvis
[2012.02.02 18:53:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Bootvis
[2012.02.02 16:45:17 | 000,000,000 | ---D | C] -- C:\Programme\Recuva
[2008.08.07 00:41:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.09 14:08:27 | 000,415,368 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.09 14:08:27 | 000,400,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.09 14:08:27 | 000,075,186 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.09 14:08:27 | 000,062,484 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.09 14:03:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.08 23:49:14 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Microsoft Office Word 2007.lnk
[2012.02.02 20:39:35 | 000,441,758 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.01 23:04:32 | 000,000,521 | ---- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Unterrichtsvorbereitun.lnk
[2012.02.01 23:04:15 | 000,000,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Unterrichtsmaterialien.lnk
[2012.02.01 23:03:38 | 000,000,668 | ---- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Malwarebyte's AntiMalware.lnk
[2012.02.01 22:54:33 | 000,138,192 | ---- | M] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avipbb.sys [2012.02.01 22:54:33 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.02.01 22:47:07 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.25 20:11:52 | 000,159,926 | ---- | M] () -- D:\Eigene Dateien\Lomographie 5Terre.pdf [2012.01.21 14:11:33 | 000,244,591 | ---- | M] () -- D:\Eigene Dateien\UranoShop- Widerruf - Rücksendung.jpg [2012.01.12 17:43:45 | 000,009,853 | ---- | M] () -- D:\Eigene Dateien\Stundenplan.odt [2012.01.11 19:46:01 | 000,147,297 | ---- | M] () -- D:\Eigene Dateien\Bewerbung.jpg [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.01 23:04:38 | 000,000,521 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Unterrichtsvorbereitun.lnk [2012.02.01 23:04:21 | 000,000,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Unterrichtsmaterialien.lnk [2012.02.01 23:03:38 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Desktop\Malwarebyte's AntiMalware.lnk [2012.01.25 20:11:51 | 000,159,926 | ---- | C] () -- D:\Eigene Dateien\Lomographie 5Terre.pdf [2012.01.21 14:11:33 | 000,244,591 | ---- | C] () -- D:\Eigene Dateien\UranoShop- Widerruf - Rücksendung.jpg [2012.01.12 17:21:44 | 000,009,853 | ---- | C] () -- D:\Eigene Dateien\Stundenplan.odt [2012.01.11 19:46:00 | 000,147,297 | ---- | C] () -- D:\Eigene Dateien\Bewerbung.jpg [2011.03.18 15:45:25 | 000,000,103 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.12.17 14:13:55 | 000,000,383 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010.12.13 23:03:04 | 000,005,077 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zdvsgyyj.ftl [2010.06.23 19:41:23 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.06.24 16:15:54 | 000,000,095 | ---- | C] () 
-- C:\WINDOWS\SELINGUA.INI [2008.12.03 14:45:03 | 000,009,705 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.09.11 20:35:21 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008.09.11 20:35:20 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.08.28 10:43:19 | 000,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.25 17:44:45 | 000,000,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\TheLastRipper.xml [2008.08.07 04:57:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.08.07 04:56:48 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.08.07 00:46:26 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.08.07 00:44:42 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2008.08.07 00:15:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2008.08.07 00:11:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.08.06 22:57:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.08.06 22:49:37 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini [2008.08.06 22:35:24 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.08.06 22:33:10 | 000,910,464 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008.08.06 22:32:59 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll [2008.08.06 22:05:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.08.06 22:01:50 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.05.22 23:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.05.22 23:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003.04.02 13:00:00 | 
013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003.04.02 13:00:00 | 000,415,368 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2003.04.02 13:00:00 | 000,400,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003.04.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003.04.02 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2003.04.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003.04.02 13:00:00 | 000,075,186 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2003.04.02 13:00:00 | 000,062,484 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003.04.02 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2003.04.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003.04.02 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2003.04.02 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003.04.02 13:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2008.08.06 22:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Broadcom [2011.03.18 15:45:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2010.10.13 18:10:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.10.15 12:32:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2008.08.25 17:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm [2008.11.08 14:57:45 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet [2010.12.17 14:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nuance [2010.12.17 14:13:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2009.01.25 23:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2011.03.28 21:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.09.07 20:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrafficMonitor [2010.12.17 14:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zeon [2009.04.11 11:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Academic Software Zurich [2008.08.07 00:49:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Acronis [2010.12.13 23:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Arbeitsblatt Profi [2011.02.19 12:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Auslogics [2011.03.18 15:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Buhl Data Service [2010.10.15 12:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Canon [2011.03.30 18:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Dropbox [2008.10.20 11:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\FileMaker [2009.08.17 09:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\GARMIN [2008.10.15 15:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\KeePass [2010.12.17 14:13:58 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Nuance [2008.10.26 23:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\OpenOffice.org [2011.01.12 19:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Opera [2010.12.17 14:16:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\ScanSoft [2010.12.10 13:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\TeamViewer [2009.01.25 23:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Teleca [2010.06.15 13:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\TheLastRipper [2010.12.17 14:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Zeon [2008.10.20 09:00:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Surfen\Anwendungsdaten\Academic Software Zurich [2008.10.20 09:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Surfen\Anwendungsdaten\Opera ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.04.11 11:08:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Academic Software Zurich [2008.08.07 00:49:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Acronis [2008.09.12 12:17:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Adobe [2010.12.13 23:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Arbeitsblatt Profi [2011.02.19 12:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Auslogics [2010.06.15 12:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Avira [2011.03.18 15:53:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Buhl Data Service [2010.10.15 12:32:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Canon [2009.05.22 19:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\DivX [2011.03.30 18:29:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Dropbox [2011.04.04 19:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\dvdcss [2008.10.20 11:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\FileMaker [2010.12.17 14:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\FLEXnet [2009.08.17 09:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\GARMIN [2009.06.26 22:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Google [2008.11.11 16:28:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Help [2008.08.06 22:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Identities [2008.08.06 22:44:26 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\InstallShield [2008.10.15 15:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\KeePass [2008.08.06 23:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Macromedia [2008.10.19 17:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Malwarebytes [2010.11.17 16:47:23 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Microsoft [2008.08.06 22:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Mozilla [2010.12.17 14:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Nuance [2008.10.26 23:19:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\OpenOffice.org [2008.10.26 22:23:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\OpenOffice.org2 [2011.01.12 19:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Opera [2008.08.07 00:08:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Real [2010.12.17 14:16:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\ScanSoft [2011.04.06 21:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Skype [2010.10.17 10:22:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\skypePM [2009.01.25 23:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Sony Ericsson [2008.08.06 22:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Sun [2010.12.10 13:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\TeamViewer [2009.01.25 23:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Kathrin\Anwendungsdaten\Teleca [2010.06.15 13:23:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\TheLastRipper [2010.10.11 21:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\U3 [2008.08.25 12:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\vlc [2011.03.05 23:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Winamp [2008.08.06 22:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\WinRAR [2010.12.17 14:16:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Zeon < %APPDATA%\*.exe /s > [2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2010.10.21 21:31:51 | 000,089,831 | ---- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\Uninstall.exe [2012.02.02 18:53:16 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe [2012.02.02 18:53:16 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe [2012.02.02 18:53:16 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe [2012.02.02 18:53:16 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys 
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2003.04.02 13:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2002.08.29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2003.04.02 13:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2002.08.29 00:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll [2003.04.02 13:00:00 | 000,049,152 | 
---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2003.04.02 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll [2003.04.02 13:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll [2003.04.02 13:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll < MD5 for: USERINIT.EXE > [2003.04.02 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2003.04.02 13:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2003.04.02 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2003.04.02 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.08.07 05:55:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.08.07 05:55:51 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.08.07 05:55:51 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9B013599 @Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FED912DB < End of report > Irgendwas dabei? Danke fürs Durchschauen. |
09.02.2012, 16:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may still be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1220945662-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.08.06 22:04:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\Shell - "" = AutoRun
O33 - MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
MsConfig - Services: "gupdate1c9f6a68a773be6"
[2008.08.07 00:41:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[2010.12.13 23:03:04 | 000,005,077 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zdvsgyyj.ftl
@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FED912DB
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this one situation.
It cannot be transferred to any other computer and must not be used elsewhere, since it can permanently damage the system!
09.02.2012, 21:16 | #7 |
| So ... here is the OTL fix log first: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-776561741-1220945662-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb44bebc-d569-11df-92b1-001e101f8891}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb44bebc-d569-11df-92b1-001e101f8891}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb44bebc-d569-11df-92b1-001e101f8891}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb44bebc-d569-11df-92b1-001e101f8891}\ not found.
File F:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\gupdate1c9f6a68a773be6 deleted successfully.
C:\WINDOWS\system32\SysMonitor.exe moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zdvsgyyj.ftl moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9B013599 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FED912DB deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2203525 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Kathrin
->Temp folder emptied: 688814 bytes
->Temporary Internet Files folder emptied: 209206761 bytes
->Java cache emptied: 9656605 bytes
->FireFox cache emptied: 60170979 bytes
->Opera cache emptied: 46049700 bytes
->Flash cache emptied: 111119 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Surfen
->Temp folder emptied: 796089 bytes
->Temporary Internet Files folder emptied: 111588 bytes
->FireFox cache emptied: 92309277 bytes
->Opera cache emptied: 5962306 bytes
->Flash cache emptied: 1159 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119608 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67962 bytes
RecycleBin emptied: 14599162 bytes
Total Files Cleaned = 423,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02092012_210835
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
I didn't get any feedback during the whole process on whether I really still have a virus/trojan, but the fast, professional help, which even any idiot can follow, is really remarkable.
Many thanks for that. Could it be that you slipped in a bit of system optimisation while you were at it? Keyword: disabling autostart. Or is that necessary for the removal? Regards, der Radler |
10.02.2012, 09:50 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hilfe bei Gmer-Logfile nach Avira-Fund Java-Scriptvirus JS/Decdec.psc Ja ich lösche u.U. auch etwaigen Müll aus dem Autostart. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Please always post logfiles in CODE tags |
10.02.2012, 15:54 | #9 |
| Here is the Kaspersky log from tdsskiller.exe
Code:
15:53:39.0812 2864 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57 15:53:40.0281 2864 ============================================================ 15:53:40.0281 2864 Current date / time: 2012/02/10 15:53:40.0281 15:53:40.0281 2864 SystemInfo: 15:53:40.0281 2864 15:53:40.0281 2864 OS Version: 5.1.2600 ServicePack: 2.0 15:53:40.0281 2864 Product type: Workstation 15:53:40.0281 2864 ComputerName: LOCOBICI 15:53:40.0281 2864 UserName: Kathrin 15:53:40.0281 2864 Windows directory: C:\WINDOWS 15:53:40.0281 2864 System windows directory: C:\WINDOWS 15:53:40.0281 2864 Processor architecture: Intel x86 15:53:40.0281 2864 Number of processors: 1 15:53:40.0281 2864 Page size: 0x1000 15:53:40.0281 2864 Boot type: Normal boot 15:53:40.0281 2864 ============================================================ 15:53:41.0968 2864 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 15:53:41.0984 2864 \Device\Harddisk0\DR0: 15:53:41.0984 2864 MBR used 15:53:41.0984 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC 15:53:41.0984 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B7A, BlocksNum 0x8181A86 15:53:42.0046 2864 Initialize success 15:53:42.0046 2864 ============================================================ 15:54:42.0328 2392 ============================================================ 15:54:42.0328 2392 Scan started 15:54:42.0328 2392 Mode: Manual; SigCheck; TDLFS; 15:54:42.0328 2392 ============================================================ 15:54:43.0015 2392 Abiosdsk - ok 15:54:43.0046 2392 abp480n5 - ok 15:54:43.0078 2392 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 15:54:43.0687 2392 ACPI - ok 15:54:43.0781 2392 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 15:54:43.0875 2392 ACPIEC - ok 15:54:43.0890 2392 
adpu160m - ok 15:54:43.0921 2392 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 15:54:44.0000 2392 aec - ok 15:54:44.0015 2392 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 15:54:44.0109 2392 AFD - ok 15:54:44.0125 2392 Aha154x - ok 15:54:44.0125 2392 aic78u2 - ok 15:54:44.0140 2392 aic78xx - ok 15:54:44.0156 2392 AliIde - ok 15:54:44.0171 2392 amsint - ok 15:54:44.0203 2392 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 15:54:44.0281 2392 Arp1394 - ok 15:54:44.0296 2392 asc - ok 15:54:44.0296 2392 asc3350p - ok 15:54:44.0312 2392 asc3550 - ok 15:54:44.0359 2392 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 15:54:44.0437 2392 AsyncMac - ok 15:54:44.0453 2392 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 15:54:44.0531 2392 atapi - ok 15:54:44.0531 2392 Atdisk - ok 15:54:44.0562 2392 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 15:54:44.0625 2392 Atmarpc - ok 15:54:44.0671 2392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 15:54:44.0750 2392 audstub - ok 15:54:44.0828 2392 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 15:54:44.0843 2392 avgio - ok 15:54:44.0859 2392 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 15:54:44.0875 2392 avgntflt - ok 15:54:44.0890 2392 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 15:54:44.0906 2392 avipbb - ok 15:54:44.0953 2392 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 15:54:44.0984 2392 b57w2k - ok 15:54:45.0062 2392 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 15:54:45.0171 2392 BCM43XX - ok 15:54:45.0203 2392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 15:54:45.0281 2392 Beep - ok 
15:54:45.0328 2392 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 15:54:45.0406 2392 BthEnum - ok 15:54:45.0421 2392 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 15:54:45.0500 2392 BTHMODEM - ok 15:54:45.0531 2392 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys 15:54:45.0609 2392 BthPan - ok 15:54:45.0640 2392 BTHPORT (0b9ace3462420fd48eb5d91868c88b75) C:\WINDOWS\system32\Drivers\BTHport.sys 15:54:45.0734 2392 BTHPORT - ok 15:54:45.0765 2392 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys 15:54:45.0828 2392 BTHUSB - ok 15:54:45.0875 2392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 15:54:45.0968 2392 cbidf2k - ok 15:54:45.0984 2392 cd20xrnt - ok 15:54:46.0015 2392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 15:54:46.0093 2392 Cdaudio - ok 15:54:46.0125 2392 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 15:54:46.0218 2392 Cdfs - ok 15:54:46.0234 2392 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 15:54:46.0296 2392 Cdrom - ok 15:54:46.0312 2392 Changer - ok 15:54:46.0359 2392 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 15:54:46.0437 2392 CmBatt - ok 15:54:46.0437 2392 CmdIde - ok 15:54:46.0468 2392 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 15:54:46.0562 2392 Compbatt - ok 15:54:46.0593 2392 Cpqarray - ok 15:54:46.0609 2392 dac2w2k - ok 15:54:46.0609 2392 dac960nt - ok 15:54:46.0640 2392 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 15:54:46.0734 2392 Disk - ok 15:54:46.0765 2392 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 15:54:46.0859 2392 dmboot - ok 15:54:46.0875 2392 dmio (084eb0a50a4f7b4705c8a57f234e5291) 
C:\WINDOWS\system32\drivers\dmio.sys 15:54:46.0968 2392 dmio - ok 15:54:47.0000 2392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 15:54:47.0093 2392 dmload - ok 15:54:47.0125 2392 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 15:54:47.0187 2392 DMusic - ok 15:54:47.0203 2392 dpti2o - ok 15:54:47.0218 2392 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 15:54:47.0312 2392 drmkaud - ok 15:54:47.0328 2392 ewusbnet - ok 15:54:47.0359 2392 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 15:54:47.0421 2392 Fastfat - ok 15:54:47.0453 2392 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 15:54:47.0515 2392 Fdc - ok 15:54:47.0531 2392 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 15:54:47.0625 2392 Fips - ok 15:54:47.0656 2392 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 15:54:47.0734 2392 Flpydisk - ok 15:54:47.0765 2392 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 15:54:47.0843 2392 FltMgr - ok 15:54:47.0859 2392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 15:54:47.0937 2392 Fs_Rec - ok 15:54:47.0953 2392 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 15:54:48.0046 2392 Ftdisk - ok 15:54:48.0078 2392 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 15:54:48.0156 2392 Gpc - ok 15:54:48.0187 2392 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys 15:54:48.0187 2392 grmnusb ( UnsignedFile.Multi.Generic ) - warning 15:54:48.0187 2392 grmnusb - detected UnsignedFile.Multi.Generic (1) 15:54:48.0234 2392 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 15:54:48.0265 2392 HDAudBus - ok 15:54:48.0312 2392 HidBth (358f471549acf2ee0d7a25fa55def726) 
C:\WINDOWS\system32\DRIVERS\hidbth.sys 15:54:48.0390 2392 HidBth - ok 15:54:48.0421 2392 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 15:54:48.0515 2392 HidUsb - ok 15:54:48.0531 2392 hpn - ok 15:54:48.0578 2392 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 15:54:48.0609 2392 HSFHWAZL - ok 15:54:48.0656 2392 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 15:54:48.0734 2392 HSF_DPV - ok 15:54:48.0765 2392 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 15:54:48.0843 2392 HTTP - ok 15:54:48.0859 2392 hwdatacard - ok 15:54:48.0875 2392 hwusbdev - ok 15:54:48.0890 2392 i2omgmt - ok 15:54:48.0906 2392 i2omp - ok 15:54:48.0937 2392 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 15:54:49.0015 2392 i8042prt - ok 15:54:49.0218 2392 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 15:54:49.0906 2392 ialm - ok 15:54:49.0937 2392 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 15:54:50.0000 2392 Imapi - ok 15:54:50.0015 2392 ini910u - ok 15:54:50.0171 2392 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys 15:54:50.0390 2392 IntcAzAudAddService - ok 15:54:50.0390 2392 IntelIde - ok 15:54:50.0421 2392 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys 15:54:50.0500 2392 intelppm - ok 15:54:50.0515 2392 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 15:54:50.0593 2392 ip6fw - ok 15:54:50.0640 2392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 15:54:50.0718 2392 IpFilterDriver - ok 15:54:50.0750 2392 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 15:54:50.0828 2392 IpInIp - ok 15:54:50.0859 2392 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) 
C:\WINDOWS\system32\DRIVERS\ipnat.sys 15:54:50.0921 2392 IpNat - ok 15:54:50.0953 2392 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 15:54:51.0031 2392 IPSec - ok 15:54:51.0046 2392 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys 15:54:51.0125 2392 irda - ok 15:54:51.0140 2392 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 15:54:51.0218 2392 IRENUM - ok 15:54:51.0281 2392 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 15:54:51.0375 2392 isapnp - ok 15:54:51.0390 2392 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 15:54:51.0468 2392 Kbdclass - ok 15:54:51.0515 2392 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 15:54:51.0578 2392 kbdhid - ok 15:54:51.0609 2392 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 15:54:51.0671 2392 kmixer - ok 15:54:51.0703 2392 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 15:54:51.0781 2392 KSecDD - ok 15:54:51.0796 2392 lbrtfdc - ok 15:54:51.0843 2392 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 15:54:51.0859 2392 mdmxsdk - ok 15:54:51.0890 2392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 15:54:51.0984 2392 mnmdd - ok 15:54:52.0015 2392 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 15:54:52.0078 2392 Modem - ok 15:54:52.0093 2392 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 15:54:52.0171 2392 Mouclass - ok 15:54:52.0203 2392 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 15:54:52.0296 2392 mouhid - ok 15:54:52.0328 2392 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 15:54:52.0390 2392 MountMgr - ok 15:54:52.0406 2392 mraid35x - ok 15:54:52.0437 2392 MRxDAV 
(46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 15:54:52.0515 2392 MRxDAV - ok 15:54:52.0546 2392 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 15:54:52.0640 2392 MRxSmb - ok 15:54:52.0671 2392 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 15:54:52.0750 2392 Msfs - ok 15:54:52.0781 2392 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys 15:54:52.0859 2392 MSIRCOMM - ok 15:54:52.0875 2392 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 15:54:52.0953 2392 MSKSSRV - ok 15:54:52.0968 2392 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 15:54:53.0046 2392 MSPCLOCK - ok 15:54:53.0078 2392 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 15:54:53.0140 2392 MSPQM - ok 15:54:53.0171 2392 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 15:54:53.0250 2392 mssmbios - ok 15:54:53.0265 2392 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 15:54:53.0359 2392 Mup - ok 15:54:53.0390 2392 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 15:54:53.0453 2392 NDIS - ok 15:54:53.0484 2392 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 15:54:53.0578 2392 NdisTapi - ok 15:54:53.0593 2392 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 15:54:53.0671 2392 Ndisuio - ok 15:54:53.0687 2392 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 15:54:53.0750 2392 NdisWan - ok 15:54:53.0781 2392 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 15:54:53.0875 2392 NDProxy - ok 15:54:53.0906 2392 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 15:54:53.0984 2392 NetBIOS - ok 15:54:54.0000 2392 NetBT 
(0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 15:54:54.0078 2392 NetBT - ok 15:54:54.0109 2392 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 15:54:54.0187 2392 NIC1394 - ok 15:54:54.0218 2392 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 15:54:54.0296 2392 Npfs - ok 15:54:54.0312 2392 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys 15:54:54.0375 2392 NSCIRDA - ok 15:54:54.0421 2392 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 15:54:54.0531 2392 Ntfs - ok 15:54:54.0562 2392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 15:54:54.0656 2392 Null - ok 15:54:54.0687 2392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 15:54:54.0765 2392 NwlnkFlt - ok 15:54:54.0781 2392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 15:54:54.0875 2392 NwlnkFwd - ok 15:54:54.0906 2392 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 15:54:54.0984 2392 ohci1394 - ok 15:54:55.0015 2392 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 15:54:55.0078 2392 Parport - ok 15:54:55.0109 2392 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 15:54:55.0187 2392 PartMgr - ok 15:54:55.0203 2392 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 15:54:55.0296 2392 ParVdm - ok 15:54:55.0312 2392 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 15:54:55.0390 2392 PCI - ok 15:54:55.0406 2392 PCIDump - ok 15:54:55.0437 2392 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 15:54:55.0531 2392 PCIIde - ok 15:54:55.0562 2392 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 15:54:55.0640 2392 Pcmcia - ok 15:54:55.0656 2392 PDCOMP - 
ok 15:54:55.0671 2392 PDFRAME - ok 15:54:55.0687 2392 PDRELI - ok 15:54:55.0687 2392 PDRFRAME - ok 15:54:55.0703 2392 perc2 - ok 15:54:55.0718 2392 perc2hib - ok 15:54:55.0781 2392 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 15:54:55.0843 2392 PptpMiniport - ok 15:54:55.0859 2392 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 15:54:55.0937 2392 Processor - ok 15:54:55.0968 2392 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 15:54:56.0046 2392 PSched - ok 15:54:56.0078 2392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 15:54:56.0171 2392 Ptilink - ok 15:54:56.0203 2392 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 15:54:56.0218 2392 PxHelp20 - ok 15:54:56.0234 2392 ql1080 - ok 15:54:56.0234 2392 Ql10wnt - ok 15:54:56.0250 2392 ql12160 - ok 15:54:56.0265 2392 ql1240 - ok 15:54:56.0281 2392 ql1280 - ok 15:54:56.0296 2392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 15:54:56.0375 2392 RasAcd - ok 15:54:56.0406 2392 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 15:54:56.0453 2392 Rasirda - ok 15:54:56.0484 2392 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 15:54:56.0562 2392 Rasl2tp - ok 15:54:56.0593 2392 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 15:54:56.0671 2392 RasPppoe - ok 15:54:56.0687 2392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 15:54:56.0796 2392 Raspti - ok 15:54:56.0828 2392 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 15:54:56.0921 2392 Rdbss - ok 15:54:56.0937 2392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 15:54:57.0031 2392 RDPCDD - ok 15:54:57.0078 2392 RDPWD (d4f5643d7714ef499ae9527fdcd50894) 
C:\WINDOWS\system32\drivers\RDPWD.sys 15:54:57.0140 2392 RDPWD - ok 15:54:57.0171 2392 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 15:54:57.0234 2392 redbook - ok 15:54:57.0281 2392 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 15:54:57.0343 2392 RFCOMM - ok 15:54:57.0562 2392 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 15:54:57.0640 2392 sdbus - ok 15:54:57.0671 2392 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 15:54:57.0750 2392 Secdrv - ok 15:54:57.0781 2392 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 15:54:57.0875 2392 Serial - ok 15:54:57.0890 2392 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 15:54:57.0984 2392 Sfloppy - ok 15:54:58.0000 2392 Simbad - ok 15:54:58.0031 2392 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys 15:54:58.0046 2392 snapman ( UnsignedFile.Multi.Generic ) - warning 15:54:58.0046 2392 snapman - detected UnsignedFile.Multi.Generic (1) 15:54:58.0062 2392 Sparrow - ok 15:54:58.0078 2392 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 15:54:58.0156 2392 splitter - ok 15:54:58.0187 2392 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 15:54:58.0250 2392 sr - ok 15:54:58.0296 2392 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 15:54:58.0375 2392 Srv - ok 15:54:58.0406 2392 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 15:54:58.0421 2392 ssmdrv - ok 15:54:58.0437 2392 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:54:58.0515 2392 swenum - ok 15:54:58.0546 2392 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 15:54:58.0640 2392 swmidi - ok 15:54:58.0656 2392 symc810 - ok 15:54:58.0671 2392 symc8xx - ok 
15:54:58.0671 2392 sym_hi - ok 15:54:58.0687 2392 sym_u3 - ok 15:54:58.0718 2392 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 15:54:58.0781 2392 sysaudio - ok 15:54:58.0828 2392 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:54:58.0906 2392 Tcpip - ok 15:54:58.0937 2392 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:54:59.0000 2392 TDPIPE - ok 15:54:59.0015 2392 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 15:54:59.0078 2392 TDTCP - ok 15:54:59.0125 2392 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 15:54:59.0171 2392 teamviewervpn - ok 15:54:59.0203 2392 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:54:59.0296 2392 TermDD - ok 15:54:59.0343 2392 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys 15:54:59.0359 2392 tifm21 - ok 15:54:59.0390 2392 tifsfilter (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 15:54:59.0406 2392 tifsfilter ( UnsignedFile.Multi.Generic ) - warning 15:54:59.0406 2392 tifsfilter - detected UnsignedFile.Multi.Generic (1) 15:54:59.0437 2392 timounter (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys 15:54:59.0437 2392 timounter ( UnsignedFile.Multi.Generic ) - warning 15:54:59.0437 2392 timounter - detected UnsignedFile.Multi.Generic (1) 15:54:59.0453 2392 TosIde - ok 15:54:59.0468 2392 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 15:54:59.0546 2392 Udfs - ok 15:54:59.0562 2392 ultra - ok 15:54:59.0593 2392 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 15:54:59.0687 2392 Update - ok 15:54:59.0718 2392 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:54:59.0796 2392 usbccgp - ok 15:54:59.0828 2392 usbehci 
(15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:54:59.0906 2392 usbehci - ok 15:54:59.0921 2392 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:55:00.0000 2392 usbhub - ok 15:55:00.0031 2392 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:55:00.0109 2392 usbprint - ok 15:55:00.0140 2392 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:55:00.0218 2392 usbscan - ok 15:55:00.0234 2392 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:55:00.0312 2392 USBSTOR - ok 15:55:00.0343 2392 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:55:00.0406 2392 usbuhci - ok 15:55:00.0421 2392 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 15:55:00.0484 2392 VgaSave - ok 15:55:00.0500 2392 ViaIde - ok 15:55:00.0546 2392 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 15:55:00.0609 2392 VolSnap - ok 15:55:00.0640 2392 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:55:00.0718 2392 Wanarp - ok 15:55:00.0734 2392 WDICA - ok 15:55:00.0765 2392 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 15:55:00.0859 2392 wdmaud - ok 15:55:00.0906 2392 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 15:55:00.0984 2392 winachsf - ok 15:55:01.0031 2392 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:55:01.0093 2392 WmiAcpi - ok 15:55:01.0156 2392 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 15:55:01.0171 2392 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected 15:55:01.0171 2392 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0) 15:55:01.0265 2392 Boot (0x1200) (df29eaea2fe837ef94e966c2783bfc3a) \Device\Harddisk0\DR0\Partition0 
15:55:01.0265 2392 \Device\Harddisk0\DR0\Partition0 - ok 15:55:01.0296 2392 Boot (0x1200) (062ef18456445e3981da25cac058f93c) \Device\Harddisk0\DR0\Partition1 15:55:01.0296 2392 \Device\Harddisk0\DR0\Partition1 - ok 15:55:01.0296 2392 ============================================================ 15:55:01.0296 2392 Scan finished 15:55:01.0296 2392 ============================================================ 15:55:01.0406 2372 Detected object count: 5 15:55:01.0406 2372 Actual detected object count: 5 15:57:07.0203 2372 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:07.0203 2372 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:07.0203 2372 snapman ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:07.0203 2372 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:07.0203 2372 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:07.0203 2372 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:07.0203 2372 timounter ( UnsignedFile.Multi.Generic ) - skipped by user 15:57:07.0203 2372 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:57:07.0203 2372 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - skipped by user 15:57:07.0203 2372 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip

Thx |
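Reading a report like the one above by hand means picking the few verdict lines out of hundreds of "- ok" lines. The following is an added example (not TDSSKiller's or the forum's own code) that parses the "HH:MM:SS.mmmm PID message" line format visible in the posted report, keeps each scanned object's MD5 and path, separates the generic `UnsignedFile.Multi.Generic` driver warnings from the `infected` verdict on the MBR, and lists infections that were answered with "Skip" (as the helper asked for here) so they are not mistaken for cleaned ones. The sample lines are a constructed subset copied from the report in this post; the function and regex names are my own.

```python
"""Triage a Kaspersky TDSSKiller report: keep each scanned object's MD5 and path,
and separate real infection verdicts from generic unsigned-driver warnings.

Added example for this thread; not TDSSKiller's or the forum's own code.
Assumes the line format visible in the posted report: "HH:MM:SS.mmmm PID message".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a small subset of lines copied from the report posted above.
SAMPLE_LOG = r"""
15:54:43.0078 2392 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:54:43.0687 2392 ACPI - ok
15:54:48.0187 2392 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
15:54:48.0187 2392 grmnusb ( UnsignedFile.Multi.Generic ) - warning
15:54:48.0187 2392 grmnusb - detected UnsignedFile.Multi.Generic (1)
15:54:58.0031 2392 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys
15:54:58.0046 2392 snapman ( UnsignedFile.Multi.Generic ) - warning
15:55:01.0156 2392 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:55:01.0171 2392 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
15:55:01.0171 2392 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
15:55:01.0265 2392 Boot (0x1200) (df29eaea2fe837ef94e966c2783bfc3a) \Device\Harddisk0\DR0\Partition0
15:55:01.0265 2392 \Device\Harddisk0\DR0\Partition0 - ok
15:57:07.0203 2372 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:57:07.0203 2372 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:57:07.0203 2372 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Skip
"""

# Every report line is "time pid message"; the message takes one of a few shapes.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(?P<msg>.*)$")
# "name (md5) path" for drivers; "MBR (0x1B8) (md5) \Device\..." for boot objects.
OBJECT_RE = re.compile(
    r"^(?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<det>\S+) \) - (?P<verdict>warning|suspicious|infected)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<det>\S+) \) - User select action: (?P<action>\w+)$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")


@dataclass
class ScannedObject:
    key: str                      # service name, or device path for MBR/boot sectors
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"      # ok | warning | suspicious | infected
    detection: Optional[str] = None
    action: Optional[str] = None  # what the user chose: Skip, Cure, Delete, ...


def parse_tdsskiller_log(text: str) -> Dict[str, ScannedObject]:
    """Return scanned objects keyed the way TDSSKiller names them in verdict lines."""
    objects: Dict[str, ScannedObject] = {}

    def get(key: str) -> ScannedObject:
        return objects.setdefault(key, ScannedObject(key=key))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if (o := OBJECT_RE.match(msg)):
            # Boot objects (MBR, Boot) are reported later under their device path,
            # drivers under their service name.
            key = o["path"] if o["name"] in ("MBR", "Boot") else o["name"]
            obj = get(key)
            obj.md5, obj.path = o["md5"], o["path"]
        elif (v := VERDICT_RE.match(msg)):
            obj = get(v["obj"])
            obj.verdict, obj.detection = v["verdict"], v["det"]
        elif (a := ACTION_RE.match(msg)):
            get(a["obj"]).action = a["action"]
        elif (k := OK_RE.match(msg)):
            get(k["obj"]).verdict = "ok"
    return objects


def triage(objects: Dict[str, ScannedObject]) -> Dict[str, List[str]]:
    """Bucket findings: confirmed infections, generic unsigned-file warnings, the rest."""
    buckets: Dict[str, List[str]] = {"infected": [], "unsigned_warning": [], "other_warning": []}
    for key, obj in objects.items():
        if obj.verdict == "infected":
            buckets["infected"].append(key)
        elif obj.verdict in ("warning", "suspicious"):
            generic = obj.detection == "UnsignedFile.Multi.Generic"
            buckets["unsigned_warning" if generic else "other_warning"].append(key)
    return buckets


def unresolved_infections(objects: Dict[str, ScannedObject]) -> List[str]:
    """Infected objects the user did not cure or delete (e.g. answered Skip, as advised)."""
    return [k for k, o in objects.items()
            if o.verdict == "infected" and o.action not in ("Cure", "Delete")]


if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    for bucket, keys in triage(objs).items():
        print(f"{bucket}: {keys}")
    for key in unresolved_infections(objs):
        o = objs[key]
        print(f"still present: {key} {o.detection} md5={o.md5} action={o.action}")
```

On the sample this yields one infected object, the MBR of `\Device\Harddisk0\DR0`, two unsigned-driver warnings (grmnusb, snapman), and the MBR listed again as unresolved because the chosen action was Skip. Keeping the MD5 alongside each object is what lets a helper compare the same driver across the two reports in this thread, or against a vendor's published hash, before deciding what to do with it.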
10.02.2012, 17:00 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post logfiles in CODE tags |
10.02.2012, 18:47 | #11 |
| Code:
18:31:14.0796 3176 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57 18:31:15.0265 3176 ============================================================ 18:31:15.0265 3176 Current date / time: 2012/02/10 18:31:15.0265 18:31:15.0265 3176 SystemInfo: 18:31:15.0265 3176 18:31:15.0265 3176 OS Version: 5.1.2600 ServicePack: 2.0 18:31:15.0265 3176 Product type: Workstation 18:31:15.0265 3176 ComputerName: LOCOBICI 18:31:15.0265 3176 UserName: Kathrin 18:31:15.0265 3176 Windows directory: C:\WINDOWS 18:31:15.0265 3176 System windows directory: C:\WINDOWS 18:31:15.0265 3176 Processor architecture: Intel x86 18:31:15.0265 3176 Number of processors: 1 18:31:15.0265 3176 Page size: 0x1000 18:31:15.0265 3176 Boot type: Normal boot 18:31:15.0265 3176 ============================================================ 18:31:16.0593 3176 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 18:31:16.0593 3176 \Device\Harddisk0\DR0: 18:31:16.0593 3176 MBR used 18:31:16.0593 3176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1388AFC 18:31:16.0609 3176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B7A, BlocksNum 0x8181A86 18:31:16.0656 3176 Initialize success 18:31:16.0656 3176 ============================================================ 18:31:23.0562 3504 ============================================================ 18:31:23.0562 3504 Scan started 18:31:23.0562 3504 Mode: Manual; SigCheck; TDLFS; 18:31:23.0562 3504 ============================================================ 18:31:24.0281 3504 Abiosdsk - ok 18:31:24.0312 3504 abp480n5 - ok 18:31:24.0359 3504 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:31:24.0984 3504 ACPI - ok 18:31:25.0078 3504 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 18:31:25.0156 3504 ACPIEC - ok 18:31:25.0187 3504 
adpu160m - ok 18:31:25.0218 3504 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 18:31:25.0281 3504 aec - ok 18:31:25.0312 3504 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 18:31:25.0390 3504 AFD - ok 18:31:25.0406 3504 Aha154x - ok 18:31:25.0421 3504 aic78u2 - ok 18:31:25.0437 3504 aic78xx - ok 18:31:25.0453 3504 AliIde - ok 18:31:25.0468 3504 amsint - ok 18:31:25.0500 3504 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 18:31:25.0578 3504 Arp1394 - ok 18:31:25.0593 3504 asc - ok 18:31:25.0593 3504 asc3350p - ok 18:31:25.0609 3504 asc3550 - ok 18:31:25.0656 3504 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:31:25.0734 3504 AsyncMac - ok 18:31:25.0781 3504 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:31:25.0843 3504 atapi - ok 18:31:25.0859 3504 Atdisk - ok 18:31:25.0890 3504 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:31:25.0953 3504 Atmarpc - ok 18:31:26.0000 3504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:31:26.0078 3504 audstub - ok 18:31:26.0156 3504 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 18:31:26.0156 3504 avgio - ok 18:31:26.0187 3504 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 18:31:26.0187 3504 avgntflt - ok 18:31:26.0218 3504 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 18:31:26.0234 3504 avipbb - ok 18:31:26.0281 3504 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 18:31:26.0312 3504 b57w2k - ok 18:31:26.0390 3504 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 18:31:26.0500 3504 BCM43XX - ok 18:31:26.0531 3504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 18:31:26.0625 3504 Beep - ok 
18:31:26.0656 3504 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys 18:31:26.0734 3504 BthEnum - ok 18:31:26.0781 3504 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys 18:31:26.0859 3504 BTHMODEM - ok 18:31:26.0890 3504 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys 18:31:26.0968 3504 BthPan - ok 18:31:27.0000 3504 BTHPORT (0b9ace3462420fd48eb5d91868c88b75) C:\WINDOWS\system32\Drivers\BTHport.sys 18:31:27.0078 3504 BTHPORT - ok 18:31:27.0109 3504 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys 18:31:27.0171 3504 BTHUSB - ok 18:31:27.0218 3504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 18:31:27.0312 3504 cbidf2k - ok 18:31:27.0328 3504 cd20xrnt - ok 18:31:27.0375 3504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 18:31:27.0453 3504 Cdaudio - ok 18:31:27.0484 3504 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 18:31:27.0578 3504 Cdfs - ok 18:31:27.0593 3504 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:31:27.0656 3504 Cdrom - ok 18:31:27.0671 3504 Changer - ok 18:31:27.0718 3504 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 18:31:27.0796 3504 CmBatt - ok 18:31:27.0796 3504 CmdIde - ok 18:31:27.0828 3504 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 18:31:27.0937 3504 Compbatt - ok 18:31:27.0953 3504 Cpqarray - ok 18:31:27.0968 3504 dac2w2k - ok 18:31:27.0968 3504 dac960nt - ok 18:31:28.0000 3504 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 18:31:28.0093 3504 Disk - ok 18:31:28.0125 3504 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 18:31:28.0218 3504 dmboot - ok 18:31:28.0234 3504 dmio (084eb0a50a4f7b4705c8a57f234e5291) 
C:\WINDOWS\system32\drivers\dmio.sys 18:31:28.0328 3504 dmio - ok 18:31:28.0359 3504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 18:31:28.0437 3504 dmload - ok 18:31:28.0468 3504 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 18:31:28.0531 3504 DMusic - ok 18:31:28.0546 3504 dpti2o - ok 18:31:28.0562 3504 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 18:31:28.0656 3504 drmkaud - ok 18:31:28.0671 3504 ewusbnet - ok 18:31:28.0703 3504 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 18:31:28.0765 3504 Fastfat - ok 18:31:28.0796 3504 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 18:31:28.0875 3504 Fdc - ok 18:31:28.0890 3504 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 18:31:28.0984 3504 Fips - ok 18:31:29.0000 3504 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 18:31:29.0078 3504 Flpydisk - ok 18:31:29.0125 3504 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 18:31:29.0187 3504 FltMgr - ok 18:31:29.0218 3504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:31:29.0296 3504 Fs_Rec - ok 18:31:29.0312 3504 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:31:29.0406 3504 Ftdisk - ok 18:31:29.0437 3504 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:31:29.0515 3504 Gpc - ok 18:31:29.0546 3504 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys 18:31:29.0546 3504 grmnusb ( UnsignedFile.Multi.Generic ) - warning 18:31:29.0546 3504 grmnusb - detected UnsignedFile.Multi.Generic (1) 18:31:29.0593 3504 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 18:31:29.0609 3504 HDAudBus - ok 18:31:29.0656 3504 HidBth (358f471549acf2ee0d7a25fa55def726) 
C:\WINDOWS\system32\DRIVERS\hidbth.sys 18:31:29.0734 3504 HidBth - ok 18:31:29.0781 3504 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:31:29.0890 3504 HidUsb - ok 18:31:29.0906 3504 hpn - ok 18:31:29.0937 3504 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 18:31:29.0968 3504 HSFHWAZL - ok 18:31:30.0015 3504 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 18:31:30.0078 3504 HSF_DPV - ok 18:31:30.0125 3504 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 18:31:30.0203 3504 HTTP - ok 18:31:30.0218 3504 hwdatacard - ok 18:31:30.0234 3504 hwusbdev - ok 18:31:30.0250 3504 i2omgmt - ok 18:31:30.0265 3504 i2omp - ok 18:31:30.0296 3504 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:31:30.0375 3504 i8042prt - ok 18:31:30.0750 3504 ialm (12c7f8d581c4a9f126f5f8f5683a1c29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 18:31:31.0109 3504 ialm - ok 18:31:31.0125 3504 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:31:31.0203 3504 Imapi - ok 18:31:31.0218 3504 ini910u - ok 18:31:31.0375 3504 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys 18:31:31.0593 3504 IntcAzAudAddService - ok 18:31:31.0593 3504 IntelIde - ok 18:31:31.0640 3504 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys 18:31:31.0718 3504 intelppm - ok 18:31:31.0734 3504 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 18:31:31.0828 3504 ip6fw - ok 18:31:31.0859 3504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:31:31.0937 3504 IpFilterDriver - ok 18:31:31.0968 3504 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:31:32.0046 3504 IpInIp - ok 18:31:32.0078 3504 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) 
C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:31:32.0140 3504 IpNat - ok 18:31:32.0171 3504 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:31:32.0234 3504 IPSec - ok 18:31:32.0265 3504 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys 18:31:32.0343 3504 irda - ok 18:31:32.0375 3504 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:31:32.0453 3504 IRENUM - ok 18:31:32.0500 3504 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:31:32.0593 3504 isapnp - ok 18:31:32.0640 3504 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:31:32.0718 3504 Kbdclass - ok 18:31:32.0765 3504 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 18:31:32.0843 3504 kbdhid - ok 18:31:32.0875 3504 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 18:31:32.0968 3504 kmixer - ok 18:31:32.0984 3504 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 18:31:33.0078 3504 KSecDD - ok 18:31:33.0093 3504 lbrtfdc - ok 18:31:33.0140 3504 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 18:31:33.0140 3504 mdmxsdk - ok 18:31:33.0187 3504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:31:33.0281 3504 mnmdd - ok 18:31:33.0312 3504 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 18:31:33.0375 3504 Modem - ok 18:31:33.0406 3504 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:31:33.0468 3504 Mouclass - ok 18:31:33.0515 3504 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:31:33.0593 3504 mouhid - ok 18:31:33.0625 3504 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 18:31:33.0687 3504 MountMgr - ok 18:31:33.0703 3504 mraid35x - ok 18:31:33.0734 3504 MRxDAV 
(46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:31:33.0812 3504 MRxDAV - ok 18:31:33.0859 3504 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:31:33.0937 3504 MRxSmb - ok 18:31:33.0968 3504 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 18:31:34.0046 3504 Msfs - ok 18:31:34.0093 3504 MSIRCOMM (ee55f5c64417cc369866d7eafe9b07ab) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys 18:31:34.0156 3504 MSIRCOMM - ok 18:31:34.0187 3504 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:31:34.0250 3504 MSKSSRV - ok 18:31:34.0265 3504 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:31:34.0359 3504 MSPCLOCK - ok 18:31:34.0390 3504 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 18:31:34.0453 3504 MSPQM - ok 18:31:34.0484 3504 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:31:34.0546 3504 mssmbios - ok 18:31:34.0578 3504 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 18:31:34.0656 3504 Mup - ok 18:31:34.0687 3504 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 18:31:34.0765 3504 NDIS - ok 18:31:34.0796 3504 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:31:34.0875 3504 NdisTapi - ok 18:31:34.0890 3504 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:31:34.0953 3504 Ndisuio - ok 18:31:34.0984 3504 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:31:35.0046 3504 NdisWan - ok 18:31:35.0078 3504 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 18:31:35.0171 3504 NDProxy - ok 18:31:35.0203 3504 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:31:35.0281 3504 NetBIOS - ok 18:31:35.0312 3504 NetBT 
(0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:31:35.0375 3504 NetBT - ok 18:31:35.0421 3504 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 18:31:35.0500 3504 NIC1394 - ok 18:31:35.0531 3504 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 18:31:35.0609 3504 Npfs - ok 18:31:35.0625 3504 NSCIRDA (6216798d29c3ba9d0d6f40bbbab694a5) C:\WINDOWS\system32\DRIVERS\nscirda.sys 18:31:35.0687 3504 NSCIRDA - ok 18:31:35.0734 3504 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 18:31:35.0843 3504 Ntfs - ok 18:31:35.0875 3504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:31:35.0953 3504 Null - ok 18:31:36.0000 3504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:31:36.0078 3504 NwlnkFlt - ok 18:31:36.0093 3504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:31:36.0203 3504 NwlnkFwd - ok 18:31:36.0218 3504 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 18:31:36.0312 3504 ohci1394 - ok 18:31:36.0343 3504 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 18:31:36.0421 3504 Parport - ok 18:31:36.0453 3504 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 18:31:36.0531 3504 PartMgr - ok 18:31:36.0562 3504 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 18:31:36.0656 3504 ParVdm - ok 18:31:36.0687 3504 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 18:31:36.0765 3504 PCI - ok 18:31:36.0781 3504 PCIDump - ok 18:31:36.0812 3504 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:31:36.0906 3504 PCIIde - ok 18:31:36.0937 3504 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 18:31:37.0031 3504 Pcmcia - ok 18:31:37.0046 3504 PDCOMP - 
ok 18:31:37.0046 3504 PDFRAME - ok 18:31:37.0062 3504 PDRELI - ok 18:31:37.0078 3504 PDRFRAME - ok 18:31:37.0093 3504 perc2 - ok 18:31:37.0109 3504 perc2hib - ok 18:31:37.0171 3504 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:31:37.0234 3504 PptpMiniport - ok 18:31:37.0265 3504 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 18:31:37.0343 3504 Processor - ok 18:31:37.0375 3504 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 18:31:37.0453 3504 PSched - ok 18:31:37.0484 3504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:31:37.0578 3504 Ptilink - ok 18:31:37.0609 3504 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 18:31:37.0625 3504 PxHelp20 - ok 18:31:37.0625 3504 ql1080 - ok 18:31:37.0640 3504 Ql10wnt - ok 18:31:37.0656 3504 ql12160 - ok 18:31:37.0671 3504 ql1240 - ok 18:31:37.0687 3504 ql1280 - ok 18:31:37.0703 3504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:31:37.0796 3504 RasAcd - ok 18:31:37.0828 3504 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 18:31:37.0890 3504 Rasirda - ok 18:31:37.0906 3504 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:31:37.0968 3504 Rasl2tp - ok 18:31:38.0000 3504 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:31:38.0078 3504 RasPppoe - ok 18:31:38.0109 3504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:31:38.0234 3504 Raspti - ok 18:31:38.0359 3504 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:31:38.0453 3504 Rdbss - ok 18:31:38.0468 3504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:31:38.0562 3504 RDPCDD - ok 18:31:38.0609 3504 RDPWD (d4f5643d7714ef499ae9527fdcd50894) 
C:\WINDOWS\system32\drivers\RDPWD.sys 18:31:38.0687 3504 RDPWD - ok 18:31:38.0703 3504 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:31:38.0781 3504 redbook - ok 18:31:38.0812 3504 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys 18:31:38.0906 3504 RFCOMM - ok 18:31:38.0953 3504 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 18:31:39.0015 3504 sdbus - ok 18:31:39.0046 3504 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:31:39.0140 3504 Secdrv - ok 18:31:39.0171 3504 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 18:31:39.0265 3504 Serial - ok 18:31:39.0281 3504 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:31:39.0375 3504 Sfloppy - ok 18:31:39.0390 3504 Simbad - ok 18:31:39.0437 3504 snapman (79555b34913cb5d1ea429d295c5a17ac) C:\WINDOWS\system32\DRIVERS\snapman.sys 18:31:39.0453 3504 snapman ( UnsignedFile.Multi.Generic ) - warning 18:31:39.0453 3504 snapman - detected UnsignedFile.Multi.Generic (1) 18:31:39.0468 3504 Sparrow - ok 18:31:39.0484 3504 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 18:31:39.0562 3504 splitter - ok 18:31:39.0593 3504 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 18:31:39.0671 3504 sr - ok 18:31:39.0703 3504 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 18:31:39.0781 3504 Srv - ok 18:31:39.0812 3504 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:31:39.0812 3504 ssmdrv - ok 18:31:39.0843 3504 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:31:39.0921 3504 swenum - ok 18:31:39.0984 3504 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 18:31:40.0078 3504 swmidi - ok 18:31:40.0093 3504 symc810 - ok 18:31:40.0109 3504 symc8xx - ok 
18:31:40.0125 3504 sym_hi - ok 18:31:40.0125 3504 sym_u3 - ok 18:31:40.0156 3504 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 18:31:40.0218 3504 sysaudio - ok 18:31:40.0250 3504 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:31:40.0328 3504 Tcpip - ok 18:31:40.0359 3504 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:31:40.0421 3504 TDPIPE - ok 18:31:40.0453 3504 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 18:31:40.0515 3504 TDTCP - ok 18:31:40.0562 3504 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 18:31:40.0578 3504 teamviewervpn - ok 18:31:40.0593 3504 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:31:40.0687 3504 TermDD - ok 18:31:40.0718 3504 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys 18:31:40.0750 3504 tifm21 - ok 18:31:40.0781 3504 tifsfilter (18f20c81f84599bf457ed640891aad99) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 18:31:40.0796 3504 tifsfilter ( UnsignedFile.Multi.Generic ) - warning 18:31:40.0796 3504 tifsfilter - detected UnsignedFile.Multi.Generic (1) 18:31:40.0828 3504 timounter (7c31f485c2f8ce976280c86f3cb13d6c) C:\WINDOWS\system32\DRIVERS\timntr.sys 18:31:40.0843 3504 timounter ( UnsignedFile.Multi.Generic ) - warning 18:31:40.0843 3504 timounter - detected UnsignedFile.Multi.Generic (1) 18:31:40.0859 3504 TosIde - ok 18:31:40.0890 3504 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 18:31:40.0953 3504 Udfs - ok 18:31:40.0968 3504 ultra - ok 18:31:41.0015 3504 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 18:31:41.0109 3504 Update - ok 18:31:41.0156 3504 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:31:41.0218 3504 usbccgp - ok 18:31:41.0250 3504 usbehci 
(15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:31:41.0312 3504 usbehci - ok 18:31:41.0328 3504 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:31:41.0406 3504 usbhub - ok 18:31:41.0437 3504 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:31:41.0515 3504 usbprint - ok 18:31:41.0562 3504 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 18:31:41.0640 3504 usbscan - ok 18:31:41.0656 3504 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:31:41.0718 3504 USBSTOR - ok 18:31:41.0781 3504 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:31:41.0843 3504 usbuhci - ok 18:31:41.0859 3504 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 18:31:41.0921 3504 VgaSave - ok 18:31:41.0937 3504 ViaIde - ok 18:31:41.0984 3504 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 18:31:42.0046 3504 VolSnap - ok 18:31:42.0078 3504 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:31:42.0156 3504 Wanarp - ok 18:31:42.0171 3504 WDICA - ok 18:31:42.0203 3504 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 18:31:42.0281 3504 wdmaud - ok 18:31:42.0343 3504 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 18:31:42.0390 3504 winachsf - ok 18:31:42.0421 3504 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 18:31:42.0500 3504 WmiAcpi - ok 18:31:42.0546 3504 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 18:31:42.0890 3504 \Device\Harddisk0\DR0 - ok 18:31:42.0890 3504 Boot (0x1200) (df29eaea2fe837ef94e966c2783bfc3a) \Device\Harddisk0\DR0\Partition0 18:31:42.0890 3504 \Device\Harddisk0\DR0\Partition0 - ok 18:31:42.0890 3504 Boot (0x1200) (062ef18456445e3981da25cac058f93c) 
\Device\Harddisk0\DR0\Partition1
18:31:42.0906 3504 \Device\Harddisk0\DR0\Partition1 - ok
18:31:42.0906 3504 ============================================================
18:31:42.0906 3504 Scan finished
18:31:42.0906 3504 ============================================================
18:31:43.0015 3500 Detected object count: 4
18:31:43.0015 3500 Actual detected object count: 4
18:50:16.0968 3500 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:16.0968 3500 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:17.0000 3500 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:17.0000 3500 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:17.0000 3500 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:17.0000 3500 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:17.0000 3500 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:17.0000 3500 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
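The TDSSKiller log above prints one `(md5) path` record per driver and, for four of them (grmnusb, snapman, tifsfilter, timounter), the verdict `UnsignedFile.Multi.Generic`. That verdict is a heuristic: the scanner could not verify a digital signature on the file. It is not a match against a malware signature, which is why the right follow-up is a hash and vendor check rather than a removal. The following Python is an added example, not part of the original post and not Kaspersky's code, that parses lines in that format, keeps MD5 and path per object, and separates heuristic flags from signature verdicts. The sample lines are copied from the log on this page (grmnusb, HDAudBus, hwdatacard, MBR) but laid out one record per line, as TDSSKiller writes its log file; the function and class names are mine.

```python
"""Triage helper for a TDSSKiller driver-scan log.

Added example; not part of the original post and not Kaspersky's code.  It groups
the per-object lines of the log by object name, keeps the MD5 and path, and
separates heuristic flags (UnsignedFile.Multi.Generic: no verifiable digital
signature on the file) from verdicts that name a malware signature, so the analyst
sees which entries need a hash lookup rather than a removal step.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# TDSSKiller verdict names that are heuristics, not signature matches.
# Only the one that occurs in the log above is listed; extend as needed.
HEURISTIC_FLAGS = {"UnsignedFile.Multi.Generic"}

_HEAD = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "<ts> <pid> <name> [(0xSIZE)] (<md5>) <path>"   file record (MBR/boot records carry a size)
FILE_RE = re.compile(
    _HEAD + r"(?P<name>\S+)(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<ts> <pid> <name> ( <flag> ) - <action>"        heuristic flag or the user's decision on it
FLAG_RE = re.compile(_HEAD + r"(?P<name>\S+)\s+\(\s*(?P<flag>\S+)\s*\)\s+-\s+(?P<action>.+?)\s*$")
# "<ts> <pid> <name> - <verdict>"                   ok / detected <verdict> (n)
VERDICT_RE = re.compile(_HEAD + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")

# Constructed sample: records copied from the log above, one per line.
SAMPLE_LOG = r"""
18:31:29.0546 3504 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
18:31:29.0546 3504 grmnusb ( UnsignedFile.Multi.Generic ) - warning
18:31:29.0546 3504 grmnusb - detected UnsignedFile.Multi.Generic (1)
18:31:29.0593 3504 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:31:29.0609 3504 HDAudBus - ok
18:31:30.0218 3504 hwdatacard - ok
18:31:42.0546 3504 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:31:42.0890 3504 \Device\Harddisk0\DR0 - ok
18:50:16.0968 3500 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:16.0968 3500 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    flags: set[str] = field(default_factory=set)
    actions: list[str] = field(default_factory=list)   # warning / skipped by user / ...
    verdicts: list[str] = field(default_factory=list)  # ok / detected ...


def parse_tdsskiller(text: str) -> dict[str, Entry]:
    """One Entry per object name, built from the three line shapes above.
    Lines in other shapes (banners, object counts) are ignored."""
    entries: dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
        elif m := FLAG_RE.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.flags.add(m["flag"])
            e.actions.append(m["action"])
        elif m := VERDICT_RE.match(line):
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdicts.append(m["verdict"])
    return entries


def unsigned_for_review(entries: dict[str, Entry]) -> list[tuple[str, str | None, str | None]]:
    """Objects flagged UnsignedFile.Multi.Generic, with MD5 and path for a hash
    lookup against the vendor's package or a file-reputation service."""
    return sorted(
        (e.name, e.md5, e.path)
        for e in entries.values()
        if "UnsignedFile.Multi.Generic" in e.flags
    )


def signature_detections(entries: dict[str, Entry]) -> list[tuple[str, str]]:
    """Objects whose 'detected <verdict>' names something other than a heuristic."""
    hits = []
    for e in entries.values():
        for v in e.verdicts:
            if v.startswith("detected "):
                label = v[len("detected "):].split(" (")[0]
                if label not in HEURISTIC_FLAGS:
                    hits.append((e.name, label))
    return hits


def without_file_record(entries: dict[str, Entry]) -> list[str]:
    """Service names that got a verdict but no '(md5) path' line, i.e. the scanner
    hashed no file for them.  Device objects (\\Device\\...) are the verdict keys
    of the MBR/boot records and are left out."""
    return sorted(
        e.name for e in entries.values()
        if e.md5 is None and e.verdicts and not e.name.startswith("\\")
    )


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    for name, md5, path in unsigned_for_review(ents):
        print(f"REVIEW  {name:12} {md5}  {path}")
    for name, label in signature_detections(ents):
        print(f"DETECT  {name:12} {label}")
    for name in without_file_record(ents):
        print(f"NOFILE  {name}")
```

On the sample this yields one REVIEW line (grmnusb), no DETECT lines, and hwdatacard under NOFILE; run against the full log it would list all four flagged drivers. The MD5 is what you feed to a reputation lookup; a heuristic flag on a driver whose hash matches the vendor's shipped file is closed as benign, one that does not is escalated.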
10.02.2012, 19:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Help with GMER logfile after Avira detection of JavaScript virus JS/Decdec.psc
Now please run CF: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
11.02.2012, 11:48 | #13 |
| Help with GMER logfile after Avira detection of JavaScript virus JS/Decdec.psc ComboFix logfile: Code:
ComboFix 12-02-10.03 - Kathrin 11.02.2012 11:39:22.1.1 - x86
Running from: c:\dokumente und einstellungen\Kathrin\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Kathrin\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\sponsoring\sponsor.html
c:\programme\xp-AntiSpy\sponsoring\sponsor.url
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\ST6UNST.000
c:\windows\system\Color
c:\windows\system32\Desktop_.ini
d:\eigene dateien\Downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSUPDATE
.
.
((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 ))))))))))))))))))))))))))))))
.
.
2012-02-10 16:23 . 2012-02-10 16:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 15:40 . 2012-02-08 15:40 -------- d-----w- c:\programme\ESET
2012-02-02 19:08 . 2012-02-02 19:08 -------- d-----w- c:\windows\system32\LogFiles
2012-02-02 17:53 . 2012-02-02 19:12 -------- d-----w- c:\programme\Microsoft Bootvis
2012-02-02 15:45 . 2012-02-02 15:45 -------- d-----w- c:\programme\Recuva
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 21:54 . 2010-06-15 11:39 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-01 21:54 . 2010-06-15 11:39 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-10 14:24 .
2008-10-19 16:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
.
c:\dokumente und einstellungen\Kathrin\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Zattoo\\Zattoo2.exe"=
"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Dokumente und Einstellungen\\Kathrin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"d:\\TOOLS\\Shutdown\\RDShutdown.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.06.2010 12:39 136360]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [10.12.2010 13:14 25088]
S4 gupdate1c9f6a68a773be6;Google Update Service (gupdate1c9f6a68a773be6);c:\programme\Google\Update\GoogleUpdate.exe [26.06.2009 22:39 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cad8f95b29da2a.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-06-26 21:39]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &Citavi Picker...
- file://c:\programme\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html IE: An vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML FF - ProfilePath - c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Mozilla\Firefox\Profiles\ku2k4wjz.default\ FF - prefs.js: browser.startup.homepage - www.web.de FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Citavi Picker: {8AA36F4F-6DC7-4c06-77AF-5035170634FE} - c:\programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */ FF - user.js: accessibility.typeaheadfind.flashBar - 0 FF - user.js: app.update.auto - false FF - user.js: app.update.disable_button.showUpdateHistory - false FF - user.js: app.update.enabled - false FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1328138980 FF - user.js: app.update.lastUpdateTime.background-update-timer - 1328138980 FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1328138980 FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1328138980 FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1328181857 FF - user.js: browser.download.lastDir - d:\\TOOLS FF - user.js: browser.download.manager.alertOnEXEOpen - false FF - user.js: browser.download.manager.closeWhenDone - true FF - user.js: browser.download.save_converter_index - 0 FF - user.js: browser.download.useDownloadDir - false FF - user.js: browser.history_expire_days.mirror - 180 FF - user.js: browser.migration.version - 1 FF - user.js: browser.places.importBookmarksHTML - false FF - user.js: browser.places.importDefaults - false FF - user.js: browser.places.leftPaneFolderId - -1 FF - user.js: browser.places.migratePostDataAnnotations - false FF - user.js: browser.places.smartBookmarksVersion - 1 FF - user.js: browser.places.updateRecentTagsUri - false FF - user.js: browser.preferences.advanced.selectedTabIndex - 3 FF - user.js: browser.rights.3.shown - true FF - user.js: browser.search.update - false FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: browser.startup.homepage - www.web.de FF - user.js: browser.startup.homepage_override.mstone - rv:1.9.0.11 FF - user.js: browser.startup.page - 0 FF - user.js: browser.tabs.warnOnClose - false FF - user.js: citaviReloadIsbnPerferences - false FF - user.js: citaviReloadPerferences - 
false FF - user.js: dom.max_script_run_time - 1800 FF - user.js: extensions.enabledItems - {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.05.21,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 FF - user.js: extensions.lastAppVersion - 3.0.11 FF - user.js: extensions.update.enabled - false FF - user.js: extensions.update.notifyUser - false FF - user.js: intl.charsetmenu.browser.cache - UTF-8, us-ascii, ISO-8859-9, windows-1252, ISO-8859-15 FF - user.js: network.cookie.lifetimePolicy - 2 FF - user.js: network.cookie.prefsMigrated - true FF - user.js: pref.advanced.images.disable_button.view_image - false FF - user.js: pref.advanced.javascript.disable_button.advanced - false FF - user.js: print.print_printer - Canon MP550 series Printer FF - user.js: print.printer_Canon_MP550_series_Printer.print_bgcolor - false FF - user.js: print.printer_Canon_MP550_series_Printer.print_bgimages - false FF - user.js: print.printer_Canon_MP550_series_Printer.print_command - FF - user.js: print.printer_Canon_MP550_series_Printer.print_downloadfonts - false FF - user.js: print.printer_Canon_MP550_series_Printer.print_edge_bottom - 0 FF - user.js: print.printer_Canon_MP550_series_Printer.print_edge_left - 0 FF - user.js: print.printer_Canon_MP550_series_Printer.print_edge_right - 0 FF - user.js: print.printer_Canon_MP550_series_Printer.print_edge_top - 0 FF - user.js: print.printer_Canon_MP550_series_Printer.print_evenpages - true FF - user.js: print.printer_Canon_MP550_series_Printer.print_footercenter - FF - user.js: print.printer_Canon_MP550_series_Printer.print_footerleft - &PT FF - user.js: print.printer_Canon_MP550_series_Printer.print_footerright - &D FF - user.js: print.printer_Canon_MP550_series_Printer.print_headercenter - FF - user.js: print.printer_Canon_MP550_series_Printer.print_headerleft - &T FF - user.js: print.printer_Canon_MP550_series_Printer.print_headerright - &U FF - user.js: 
print.printer_Canon_MP550_series_Printer.print_in_color - true
FF - user.js: print.printer_Canon_MP550_series_Printer.print_margin_bottom - 0.5
FF - user.js: print.printer_Canon_MP550_series_Printer.print_margin_left - 0.5
FF - user.js: print.printer_Canon_MP550_series_Printer.print_margin_right - 0.5
FF - user.js: print.printer_Canon_MP550_series_Printer.print_margin_top - 0.5
FF - user.js: print.printer_Canon_MP550_series_Printer.print_oddpages - true
FF - user.js: print.printer_Canon_MP550_series_Printer.print_orientation - 1
FF - user.js: print.printer_Canon_MP550_series_Printer.print_pagedelay - 500
FF - user.js: print.printer_Canon_MP550_series_Printer.print_paper_data - 9
FF - user.js: print.printer_Canon_MP550_series_Printer.print_paper_height - 11,00
FF - user.js: print.printer_Canon_MP550_series_Printer.print_paper_size_type - 0
FF - user.js: print.printer_Canon_MP550_series_Printer.print_paper_size_unit - 1
FF - user.js: print.printer_Canon_MP550_series_Printer.print_paper_width - 8,50
FF - user.js: print.printer_Canon_MP550_series_Printer.print_reversed - false
FF - user.js: print.printer_Canon_MP550_series_Printer.print_scaling - 1,00
FF - user.js: print.printer_Canon_MP550_series_Printer.print_shrink_to_fit - true
FF - user.js: print.printer_Canon_MP550_series_Printer.print_to_file - false
FF - user.js: print.printer_Canon_MP550_series_Printer.print_to_filename - 
FF - user.js: print.printer_Canon_MP550_series_Printer.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Canon_MP550_series_Printer.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Canon_MP550_series_Printer.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Canon_MP550_series_Printer.print_unwriteable_margin_top - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_bgcolor - false
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_bgimages - false
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_command - 
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_downloadfonts - false
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_edge_bottom - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_edge_left - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_edge_right - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_edge_top - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_evenpages - true
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_footercenter - 
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_footerleft - &PT
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_footerright - &D
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_headercenter - 
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_headerleft - &T
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_headerright - &U
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_in_color - true
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_margin_bottom - 0.5
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_margin_left - 0.5
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_margin_right - 0.5
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_margin_top - 0.5
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_oddpages - true
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_orientation - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_pagedelay - 500
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_paper_data - 9
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_paper_height - 11,00
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_paper_size_type - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_paper_size_unit - 1
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_paper_width - 8,50
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_reversed - false
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_scaling - 1,00
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_shrink_to_fit - true
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_to_file - false
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_to_filename - 
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_EPSON_Stylus_C64_Series.print_unwriteable_margin_top - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_bgcolor - false
FF - user.js: print.printer_PDF-XChange_3.0.print_bgimages - false
FF - user.js: print.printer_PDF-XChange_3.0.print_command - 
FF - user.js: print.printer_PDF-XChange_3.0.print_downloadfonts - false
FF - user.js: print.printer_PDF-XChange_3.0.print_edge_bottom - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_edge_left - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_edge_right - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_edge_top - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_evenpages - true
FF - user.js: print.printer_PDF-XChange_3.0.print_footercenter - 
FF - user.js: print.printer_PDF-XChange_3.0.print_footerleft - &PT
FF - user.js: print.printer_PDF-XChange_3.0.print_footerright - &D
FF - user.js: print.printer_PDF-XChange_3.0.print_headercenter - 
FF - user.js: print.printer_PDF-XChange_3.0.print_headerleft - &T
FF - user.js: print.printer_PDF-XChange_3.0.print_headerright - &U
FF - user.js: print.printer_PDF-XChange_3.0.print_in_color - true
FF - user.js: print.printer_PDF-XChange_3.0.print_margin_bottom - 0.5
FF - user.js: print.printer_PDF-XChange_3.0.print_margin_left - 0.5
FF - user.js: print.printer_PDF-XChange_3.0.print_margin_right - 0.5
FF - user.js: print.printer_PDF-XChange_3.0.print_margin_top - 0.5
FF - user.js: print.printer_PDF-XChange_3.0.print_oddpages - true
FF - user.js: print.printer_PDF-XChange_3.0.print_orientation - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_pagedelay - 500
FF - user.js: print.printer_PDF-XChange_3.0.print_paper_data - 9
FF - user.js: print.printer_PDF-XChange_3.0.print_paper_height - 11,00
FF - user.js: print.printer_PDF-XChange_3.0.print_paper_size_type - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_paper_size_unit - 1
FF - user.js: print.printer_PDF-XChange_3.0.print_paper_width - 8,50
FF - user.js: print.printer_PDF-XChange_3.0.print_reversed - false
FF - user.js: print.printer_PDF-XChange_3.0.print_scaling - 1,00
FF - user.js: print.printer_PDF-XChange_3.0.print_shrink_to_fit - true
FF - user.js: print.printer_PDF-XChange_3.0.print_to_file - false
FF - user.js: print.printer_PDF-XChange_3.0.print_to_filename - 
FF - user.js: print.printer_PDF-XChange_3.0.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_unwriteable_margin_left - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_unwriteable_margin_right - 0
FF - user.js: print.printer_PDF-XChange_3.0.print_unwriteable_margin_top - 0
FF - user.js: privacy.item.cookies - true
FF - user.js: privacy.sanitize.didShutdownSanitize - true
FF - user.js: privacy.sanitize.sanitizeOnShutdown - true
FF - user.js: reloadSearchPlugins - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1330730385
.
- - - - Removed orphaned registry entries - - - -
.
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-11 11:46
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'explorer.exe'(2720)
c:\dokumente und einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other running processes ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-02-11 11:50:00 - PC was restarted
ComboFix-quarantined-files.txt 2012-02-11 10:49
.
Before scan: 3.140.960.256 bytes free
After scan: 3.001.352.192 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - AF09F072000F4B01BD14726672D27209
12.02.2012, 13:30 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.

Important: never press any of the Fix buttons without being told to. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post logfiles in CODE tags
12.02.2012, 14:59 | #15 |
OK. Here are the latest logs. This really is quite a lengthy process. Thanks for staying on it and seeing the whole thing through step by step.
Regards, radler

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:14:55 on 12.02.2012
OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1cad8f95b29da2a.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QT Lite\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"grmnusb" (grmnusb) - "GARMIN Corp." - C:\WINDOWS\System32\drivers\grmnusb.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (File not found)
"Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\WINDOWS\System32\DRIVERS\ewusbdev.sys (File not found)
"HUAWEI USB-NDIS miniport" (ewusbnet) - ? - C:\WINDOWS\System32\DRIVERS\ewusbnet.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Programme\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Programme\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1328958700812
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{609D670F-B735-4da7-AC6D-F3BD358E325E} "Citavi Picker" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "Send to Mindjet MindManager" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Nuance PDF" - "Zeon Corporation" - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{609D670F-B735-4da7-AC6D-F3BD358E325E} "Asz.Citavi.IEPicker.IEPickerButton" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} "ZeonIEEventHelper Class" - "Zeon Corporation" - C:\Programme\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Kathrin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.14966 - hxxp://www.gmer.net
Rootkit scan 2012-02-12 14:32:03
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT BA7DA884 ZwClose
SSDT BA7DA83E ZwCreateKey
SSDT BA7DA88E ZwCreateSection
SSDT BA7DA834 ZwCreateThread
SSDT BA7DA843 ZwDeleteKey
SSDT BA7DA84D ZwDeleteValueKey
SSDT BA7DA87F ZwDuplicateObject
SSDT BA7DA852 ZwLoadKey
SSDT BA7DA820 ZwOpenProcess
SSDT BA7DA825 ZwOpenThread
SSDT BA7DA85C ZwReplaceKey
SSDT BA7DA857 ZwRestoreKey
SSDT BA7DA893 ZwSetContextThread
SSDT BA7DA848 ZwSetValueKey
SSDT BA7DA82F ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b136dc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b136dc@000fde80ae7b 0x72 0x80 0x51 0x05 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b136dc
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b136dc@000fde80ae7b 0x72 0x80 0x51 0x05 ...

---- EOF - GMER 1.0.15 ----
Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 14:32:24
-----------------------------
14:32:24.265  OS Version: Windows 5.1.2600 Service Pack 2
14:32:24.265  Number of processors: 1 586 0x1601
14:32:24.265  ComputerName: LOCOBICI  UserName: Kathrin
14:32:24.453  Initialize success
14:35:27.578  AVAST engine defs: 12021200
14:37:55.093  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
14:37:55.093  Disk 0 Vendor: WDC_WD800BEVS-22RST0 04.01G04 Size: 76319MB BusType: 3
14:37:55.140  Disk 0 MBR read successfully
14:37:55.140  Disk 0 MBR scan
14:37:55.187  Disk 0 Windows XP default MBR code
14:37:55.187  Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        10001 MB offset 63
14:37:55.187  Disk 0 Partition - 00     05    Extended              66307 MB offset 20482875
14:37:55.187  Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        66307 MB offset 20482938
14:37:55.203  Disk 0 scanning sectors +156280320
14:37:55.234  Disk 0 malicious Win32:MBRoot code @ sector 156280323 !
14:37:55.265  Disk 0 scanning C:\WINDOWS\system32\drivers
14:38:05.421  Service scanning
14:38:06.265  Modules scanning
14:38:10.328  Disk 0 trace - called modules:
14:38:10.343  ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:38:10.343  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d72ab8]
14:38:10.343  3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\0000007e[0x89d97710]
14:38:10.343  5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89d95d98]
14:38:10.671  AVAST engine scan C:\WINDOWS
14:38:18.562  AVAST engine scan C:\WINDOWS\system32
14:39:37.906  AVAST engine scan C:\WINDOWS\system32\drivers
14:39:47.531  AVAST engine scan C:\Dokumente und Einstellungen\Kathrin
14:45:49.031  Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Kathrin\Desktop\MBR.dat"
14:45:49.046  The log file has been saved successfully to "C:\Dokumente und Einstellungen\Kathrin\Desktop\aswMBR.txt"
14:45:59.281  AVAST engine scan C:\Dokumente und Einstellungen\All Users
14:46:33.906  Scan finished successfully
14:49:49.484  Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Kathrin\Desktop\MBR.dat"
14:49:49.484  The log file has been saved successfully to "C:\Dokumente und Einstellungen\Kathrin\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-12 14:52:01
-----------------------------
14:52:01.703  OS Version: Windows 5.1.2600 Service Pack 2
14:52:01.703  Number of processors: 1 586 0x1601
14:52:01.703  ComputerName: LOCOBICI  UserName: Kathrin
14:52:02.015  Initialize success
14:52:06.890  AVAST engine defs: 12021200
14:52:26.593  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
14:52:26.593  Disk 0 Vendor: WDC_WD800BEVS-22RST0 04.01G04 Size: 76319MB BusType: 3
14:52:26.640  Disk 0 MBR read successfully
14:52:26.640  Disk 0 MBR scan
14:52:26.640  Disk 0 Windows XP default MBR code
14:52:26.640  Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        10001 MB offset 63
14:52:26.640  Disk 0 Partition - 00     05    Extended              66307 MB offset 20482875
14:52:26.671  Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        66307 MB offset 20482938
14:52:26.671  Disk 0 scanning sectors +156280320
14:52:26.703  Disk 0 malicious Win32:MBRoot code @ sector 156280323 !
14:52:26.734  Disk 0 scanning C:\WINDOWS\system32\drivers
14:52:36.250  Service scanning
14:52:37.078  Modules scanning
14:52:41.156  Disk 0 trace - called modules:
14:52:41.203  ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:52:41.203  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d72ab8]
14:52:41.203  3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\0000007e[0x89d97710]
14:52:41.203  5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x89d95d98]
14:52:41.640  AVAST engine scan C:\WINDOWS
14:52:48.765  AVAST engine scan C:\WINDOWS\system32
14:54:12.671  AVAST engine scan C:\WINDOWS\system32\drivers
14:54:22.859  AVAST engine scan C:\Dokumente und Einstellungen\Kathrin
14:59:19.078  AVAST engine scan C:\Dokumente und Einstellungen\All Users
14:59:45.953  Scan finished successfully
15:00:02.078  Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Kathrin\Desktop\MBR.dat"
15:00:02.078  The log file has been saved successfully to "C:\Dokumente und Einstellungen\Kathrin\Desktop\aswMBR.txt"
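Two checks a helper would run by hand over the GMER and aswMBR output in the post above, written out in Python as an added example (this is not code from the thread, from GMER or from aswMBR). First, the fifteen "SSDT" lines: if every hooked handler address falls inside one small window, the hooks come from a single kernel module; the log does not say which module, so the cluster alone cannot tell an antivirus driver from a rootkit, that needs the driver's load address. Second, the "malicious Win32:MBRoot code @ sector 156280323" line: parse the MBR partition table and say whether that sector sits inside a partition, in the gap before the first partition, or in the unpartitioned tail after the last one, where an MBR bootkit can keep its body with no file system ever seeing it. Assumptions, labelled in the code: the 512-byte MBR is built here from the offsets in the log rather than read from the saved MBR.dat, the extended entry is taken to end just before the sector where aswMBR begins its tail scan (+156280320), and the disk size is converted from the log's 76319 MB figure.

```python
"""Triage of the GMER SSDT block and the aswMBR sector finding above.
Added example; not code from the thread, from GMER or from aswMBR."""
import re
import struct

# Constructed sample: the SSDT lines copied from the GMER log above.
GMER_LOG = """\
SSDT BA7DA884 ZwClose
SSDT BA7DA83E ZwCreateKey
SSDT BA7DA88E ZwCreateSection
SSDT BA7DA834 ZwCreateThread
SSDT BA7DA843 ZwDeleteKey
SSDT BA7DA84D ZwDeleteValueKey
SSDT BA7DA87F ZwDuplicateObject
SSDT BA7DA852 ZwLoadKey
SSDT BA7DA820 ZwOpenProcess
SSDT BA7DA825 ZwOpenThread
SSDT BA7DA85C ZwReplaceKey
SSDT BA7DA857 ZwRestoreKey
SSDT BA7DA893 ZwSetContextThread
SSDT BA7DA848 ZwSetValueKey
SSDT BA7DA82F ZwTerminateProcess
"""
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)", re.M)


def ssdt_hook_clusters(log, window=0x1000):
    """Group hooked SSDT entries whose handler addresses lie within `window`
    bytes of the previous one. One tight cluster = one hooking module (which
    one needs the driver load address; the log does not carry it).
    Returns [(lowest_addr, highest_addr, [hooked names in address order])]."""
    hooks = sorted((int(addr, 16), name) for addr, name in SSDT_RE.findall(log))
    clusters = []
    for addr, name in hooks:
        if clusters and addr - clusters[-1][1] <= window:
            clusters[-1][1] = addr
            clusters[-1][2].append(name)
        else:
            clusters.append([addr, addr, [name]])
    return [tuple(c) for c in clusters]


SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(entries):
    """Constructed 512-byte MBR image (in practice read MBR.dat, which aswMBR
    saved to the desktop). CHS fields stay zero; only the LBA fields are used."""
    mbr = bytearray(SECTOR)
    for i, (boot, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr_partitions(mbr):
    """[(slot, boot, type, first_lba, last_lba)] for the non-empty primary
    entries. An extended (0x05) entry spans all of its logical volumes."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: 0x55AA signature missing")
    parts = []
    for slot in range(4):
        boot, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * slot)
        if ptype != 0 and count != 0:
            parts.append((slot + 1, boot, ptype, start, start + count - 1))
    return parts


def locate_sector(mbr, sector, disk_sectors):
    """Where does a flagged sector live? Sectors 1..62 before the first
    partition and the tail after the last one are unallocated space that a
    bootkit can use without any file system seeing it."""
    if sector == 0:
        return "mbr"
    if sector >= disk_sectors:
        return "beyond disk"
    parts = parse_mbr_partitions(mbr)
    for slot, _, ptype, first, last in parts:
        if first <= sector <= last:
            return f"mbr entry {slot} (type 0x{ptype:02x})"
    last_used = max((last for *_, last in parts), default=0)
    return "unpartitioned tail" if sector > last_used else "unpartitioned gap"


# Offsets from the aswMBR output above. Assumed: the extended entry ends just
# before aswMBR's tail scan start (+156280320); disk size from its 76319 MB figure.
SAMPLE_MBR = build_sample_mbr([
    (0x80, 0x07, 63, 20482875 - 63),               # partition 1, NTFS, bootable
    (0x00, 0x05, 20482875, 156280320 - 20482875),  # extended container
])
DISK_SECTORS = 76319 * 2048
FLAGGED_SECTOR = 156280323


def triage():
    """Both checks on the sample data, as a helper would report them."""
    clusters = ssdt_hook_clusters(GMER_LOG)
    lo, hi, names = clusters[0]
    return {
        "ssdt_clusters": len(clusters),
        "ssdt_range": f"{lo:08X}-{hi:08X} ({len(names)} hooks)",
        "flagged_sector": locate_sector(SAMPLE_MBR, FLAGGED_SECTOR, DISK_SECTORS),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

With the values from the log, the fifteen hooks span BA7DA820 to BA7DA893, a single cluster of under 0x80 bytes, and sector 156280323 lands a few sectors past the end of the extended partition, in the unpartitioned tail of the disk. Against a real MBR.dat, replace `SAMPLE_MBR` with the file contents and `DISK_SECTORS` with the drive's LBA count.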