Plagegeister aller Art und deren Bekämpfung: 'System Check' virus, the next steps?
30.03.2012, 08:47 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, the next steps?

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
30.03.2012, 09:59 | #17 |
| 'System Check' virus, the next steps? TDSS-Killer log:
2572 Rasl2tp - ok 10:57:19.0989 2572 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 10:57:20.0021 2572 RasMan - ok 10:57:20.0052 2572 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 10:57:20.0099 2572 RasPppoe - ok 10:57:20.0130 2572 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 10:57:20.0161 2572 RasSstp - ok 10:57:20.0192 2572 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 10:57:20.0208 2572 rdbss - ok 10:57:20.0255 2572 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:57:20.0286 2572 RDPCDD - ok 10:57:20.0317 2572 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 10:57:20.0348 2572 rdpdr - ok 10:57:20.0348 2572 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 10:57:20.0395 2572 RDPENCDD - ok 10:57:20.0457 2572 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 10:57:20.0520 2572 RDPWD - ok 10:57:20.0567 2572 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 10:57:20.0598 2572 RemoteAccess - ok 10:57:20.0645 2572 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 10:57:20.0660 2572 RemoteRegistry - ok 10:57:20.0754 2572 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 10:57:20.0785 2572 RFCOMM - ok 10:57:20.0925 2572 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 10:57:20.0925 2572 RichVideo - ok 10:57:21.0050 2572 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 10:57:21.0081 2572 RpcLocator - ok 10:57:21.0128 2572 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 10:57:21.0175 2572 RpcSs - ok 10:57:21.0222 2572 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 10:57:21.0269 2572 rspndr 
- ok 10:57:21.0300 2572 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys 10:57:21.0331 2572 RTL8169 - ok 10:57:21.0378 2572 RTSTOR (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS 10:57:21.0425 2572 RTSTOR - ok 10:57:21.0440 2572 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 10:57:21.0456 2572 SamSs - ok 10:57:21.0518 2572 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 10:57:21.0518 2572 sbp2port - ok 10:57:21.0565 2572 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 10:57:21.0581 2572 SCardSvr - ok 10:57:21.0659 2572 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 10:57:21.0768 2572 Schedule - ok 10:57:21.0799 2572 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 10:57:21.0815 2572 SCPolicySvc - ok 10:57:21.0846 2572 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 10:57:21.0893 2572 SDRSVC - ok 10:57:21.0939 2572 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 10:57:22.0002 2572 secdrv - ok 10:57:22.0017 2572 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 10:57:22.0049 2572 seclogon - ok 10:57:22.0080 2572 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 10:57:22.0127 2572 SENS - ok 10:57:22.0142 2572 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 10:57:22.0220 2572 Serenum - ok 10:57:22.0251 2572 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 10:57:22.0314 2572 Serial - ok 10:57:22.0345 2572 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 10:57:22.0376 2572 sermouse - ok 10:57:22.0439 2572 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 10:57:22.0470 2572 SessionEnv - ok 10:57:22.0501 2572 sffdisk 
(3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 10:57:22.0532 2572 sffdisk - ok 10:57:22.0548 2572 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 10:57:22.0595 2572 sffp_mmc - ok 10:57:22.0626 2572 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 10:57:22.0657 2572 sffp_sd - ok 10:57:22.0719 2572 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 10:57:22.0751 2572 sfloppy - ok 10:57:22.0797 2572 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 10:57:22.0860 2572 SharedAccess - ok 10:57:22.0875 2572 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 10:57:22.0938 2572 ShellHWDetection - ok 10:57:23.0000 2572 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys 10:57:23.0016 2572 Si3531 - ok 10:57:23.0031 2572 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys 10:57:23.0047 2572 SiFilter - ok 10:57:23.0063 2572 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys 10:57:23.0078 2572 SiRemFil - ok 10:57:23.0109 2572 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 10:57:23.0125 2572 sisagp - ok 10:57:23.0141 2572 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 10:57:23.0156 2572 SiSRaid2 - ok 10:57:23.0187 2572 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 10:57:23.0203 2572 SiSRaid4 - ok 10:57:23.0328 2572 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 10:57:23.0546 2572 slsvc - ok 10:57:23.0609 2572 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 10:57:23.0624 2572 SLUINotify - ok 10:57:23.0671 2572 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 10:57:23.0702 2572 Smb - ok 10:57:23.0733 2572 
SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 10:57:23.0749 2572 SNMPTRAP - ok 10:57:23.0780 2572 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 10:57:23.0780 2572 spldr - ok 10:57:23.0827 2572 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 10:57:23.0858 2572 Spooler - ok 10:57:23.0921 2572 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 10:57:23.0967 2572 srv - ok 10:57:24.0030 2572 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 10:57:24.0045 2572 srv2 - ok 10:57:24.0061 2572 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 10:57:24.0092 2572 srvnet - ok 10:57:24.0139 2572 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 10:57:24.0186 2572 SSDPSRV - ok 10:57:24.0217 2572 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 10:57:24.0233 2572 ssmdrv - ok 10:57:24.0279 2572 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 10:57:24.0311 2572 SstpSvc - ok 10:57:24.0389 2572 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys 10:57:24.0389 2572 StarOpen ( UnsignedFile.Multi.Generic ) - warning 10:57:24.0389 2572 StarOpen - detected UnsignedFile.Multi.Generic (1) 10:57:24.0467 2572 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 10:57:24.0498 2572 StillCam - ok 10:57:24.0576 2572 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 10:57:24.0607 2572 stisvc - ok 10:57:24.0638 2572 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 10:57:24.0654 2572 swenum - ok 10:57:24.0701 2572 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 10:57:24.0747 2572 swprv - ok 10:57:24.0763 2572 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 10:57:24.0779 
2572 Symc8xx - ok 10:57:24.0794 2572 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 10:57:24.0810 2572 Sym_hi - ok 10:57:24.0841 2572 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 10:57:24.0841 2572 Sym_u3 - ok 10:57:24.0888 2572 SynTP (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys 10:57:24.0903 2572 SynTP - ok 10:57:24.0950 2572 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 10:57:25.0013 2572 SysMain - ok 10:57:25.0059 2572 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 10:57:25.0075 2572 TabletInputService - ok 10:57:25.0122 2572 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys 10:57:25.0137 2572 taphss - ok 10:57:25.0184 2572 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 10:57:25.0215 2572 TapiSrv - ok 10:57:25.0247 2572 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 10:57:25.0278 2572 TBS - ok 10:57:25.0325 2572 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 10:57:25.0387 2572 Tcpip - ok 10:57:25.0449 2572 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 10:57:25.0512 2572 Tcpip6 - ok 10:57:25.0543 2572 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 10:57:25.0574 2572 tcpipreg - ok 10:57:25.0621 2572 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 10:57:25.0652 2572 TDPIPE - ok 10:57:25.0668 2572 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 10:57:25.0699 2572 TDTCP - ok 10:57:25.0730 2572 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 10:57:25.0761 2572 tdx - ok 10:57:25.0777 2572 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 10:57:25.0793 2572 TermDD - ok 10:57:25.0871 2572 TermService 
(bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 10:57:25.0917 2572 TermService - ok 10:57:25.0964 2572 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 10:57:25.0980 2572 Themes - ok 10:57:26.0027 2572 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 10:57:26.0058 2572 THREADORDER - ok 10:57:26.0089 2572 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 10:57:26.0136 2572 TrkWks - ok 10:57:26.0198 2572 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 10:57:26.0229 2572 TrustedInstaller - ok 10:57:26.0276 2572 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:57:26.0307 2572 tssecsrv - ok 10:57:26.0323 2572 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 10:57:26.0370 2572 tunmp - ok 10:57:26.0385 2572 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 10:57:26.0401 2572 tunnel - ok 10:57:26.0432 2572 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 10:57:26.0432 2572 uagp35 - ok 10:57:26.0479 2572 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 10:57:26.0510 2572 udfs - ok 10:57:26.0557 2572 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 10:57:26.0604 2572 UI0Detect - ok 10:57:26.0619 2572 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 10:57:26.0635 2572 uliagpkx - ok 10:57:26.0682 2572 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 10:57:26.0697 2572 uliahci - ok 10:57:26.0713 2572 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 10:57:26.0729 2572 UlSata - ok 10:57:26.0760 2572 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 10:57:26.0775 2572 ulsata2 - ok 10:57:26.0807 2572 umbus 
(32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 10:57:26.0853 2572 umbus - ok 10:57:26.0916 2572 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 10:57:26.0963 2572 upnphost - ok 10:57:26.0994 2572 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 10:57:27.0056 2572 usbccgp - ok 10:57:27.0087 2572 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 10:57:27.0165 2572 usbcir - ok 10:57:27.0197 2572 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 10:57:27.0228 2572 usbehci - ok 10:57:27.0259 2572 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 10:57:27.0290 2572 usbhub - ok 10:57:27.0321 2572 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 10:57:27.0384 2572 usbohci - ok 10:57:27.0431 2572 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 10:57:27.0462 2572 usbprint - ok 10:57:27.0509 2572 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 10:57:27.0540 2572 usbscan - ok 10:57:27.0587 2572 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:57:27.0618 2572 USBSTOR - ok 10:57:27.0680 2572 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 10:57:27.0711 2572 usbuhci - ok 10:57:27.0789 2572 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 10:57:27.0836 2572 usbvideo - ok 10:57:27.0930 2572 usnjsvc (9d19b042a4fd5c02195071ea2fe0c821) C:\Program Files\Windows Live\Messenger\usnsvc.exe 10:57:27.0945 2572 usnjsvc - ok 10:57:27.0992 2572 uxddrv - ok 10:57:28.0070 2572 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 10:57:28.0101 2572 UxSms - ok 10:57:28.0164 2572 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 10:57:28.0211 2572 vds - ok 10:57:28.0273 
2572 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 10:57:28.0304 2572 vga - ok 10:57:28.0335 2572 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 10:57:28.0382 2572 VgaSave - ok 10:57:28.0398 2572 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 10:57:28.0413 2572 viaagp - ok 10:57:28.0429 2572 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 10:57:28.0476 2572 ViaC7 - ok 10:57:28.0491 2572 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 10:57:28.0507 2572 viaide - ok 10:57:28.0523 2572 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 10:57:28.0538 2572 volmgr - ok 10:57:28.0585 2572 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 10:57:28.0601 2572 volmgrx - ok 10:57:28.0647 2572 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 10:57:28.0663 2572 volsnap - ok 10:57:28.0710 2572 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 10:57:28.0725 2572 vsmraid - ok 10:57:28.0819 2572 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 10:57:28.0866 2572 VSS - ok 10:57:28.0913 2572 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 10:57:28.0928 2572 W32Time - ok 10:57:28.0959 2572 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 10:57:29.0037 2572 WacomPen - ok 10:57:29.0053 2572 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:57:29.0100 2572 Wanarp - ok 10:57:29.0100 2572 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 10:57:29.0131 2572 Wanarpv6 - ok 10:57:29.0162 2572 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 10:57:29.0193 2572 wcncsvc - ok 10:57:29.0225 2572 WcsPlugInService 
(11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 10:57:29.0256 2572 WcsPlugInService - ok 10:57:29.0271 2572 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 10:57:29.0287 2572 Wd - ok 10:57:29.0303 2572 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 10:57:29.0334 2572 Wdf01000 - ok 10:57:29.0381 2572 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 10:57:29.0443 2572 WdiServiceHost - ok 10:57:29.0459 2572 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 10:57:29.0505 2572 WdiSystemHost - ok 10:57:29.0537 2572 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 10:57:29.0583 2572 WebClient - ok 10:57:29.0630 2572 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll 10:57:29.0677 2572 Wecsvc - ok 10:57:29.0693 2572 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 10:57:29.0724 2572 wercplsupport - ok 10:57:29.0771 2572 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 10:57:29.0802 2572 WerSvc - ok 10:57:29.0880 2572 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 10:57:29.0895 2572 WinDefend - ok 10:57:29.0911 2572 WinHttpAutoProxySvc - ok 10:57:29.0973 2572 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 10:57:30.0005 2572 Winmgmt - ok 10:57:30.0051 2572 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll 10:57:30.0161 2572 WinRM - ok 10:57:30.0254 2572 WisLMSvc (f0fe933e27f1e2a83ff322a0693a4724) C:\Program Files\Launch Manager\WisLMSvc.exe 10:57:30.0254 2572 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning 10:57:30.0254 2572 WisLMSvc - detected UnsignedFile.Multi.Generic (1) 10:57:30.0301 2572 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 10:57:30.0363 2572 Wlansvc - ok 10:57:30.0410 2572 
WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe 10:57:30.0457 2572 WLSetupSvc - ok 10:57:30.0551 2572 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 10:57:30.0582 2572 WmiAcpi - ok 10:57:30.0707 2572 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 10:57:30.0722 2572 wmiApSrv - ok 10:57:30.0816 2572 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 10:57:30.0941 2572 WMPNetworkSvc - ok 10:57:31.0034 2572 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 10:57:31.0081 2572 WPCSvc - ok 10:57:31.0143 2572 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 10:57:31.0175 2572 WPDBusEnum - ok 10:57:31.0237 2572 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 10:57:31.0253 2572 WpdUsb - ok 10:57:31.0299 2572 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 10:57:31.0331 2572 ws2ifsl - ok 10:57:31.0362 2572 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 10:57:31.0409 2572 wscsvc - ok 10:57:31.0409 2572 WSearch - ok 10:57:31.0518 2572 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 10:57:31.0611 2572 wuauserv - ok 10:57:31.0643 2572 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 10:57:31.0689 2572 WUDFRd - ok 10:57:31.0721 2572 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 10:57:31.0736 2572 wudfsvc - ok 10:57:31.0783 2572 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0 10:57:32.0095 2572 \Device\Harddisk0\DR0 - ok 10:57:32.0111 2572 Boot (0x1200) (b922b3ed56c8a034c41bdaae4ce48728) \Device\Harddisk0\DR0\Partition0 10:57:32.0111 2572 \Device\Harddisk0\DR0\Partition0 - ok 10:57:32.0126 2572 Boot (0x1200) (0f66965ce083ce3a9d3720cf0ca37bfe) 
\Device\Harddisk0\DR0\Partition1 10:57:32.0126 2572 \Device\Harddisk0\DR0\Partition1 - ok 10:57:32.0126 2572 ============================================================ 10:57:32.0126 2572 Scan finished 10:57:32.0126 2572 ============================================================ 10:57:32.0142 5172 Detected object count: 10 10:57:32.0142 5172 Actual detected object count: 10 10:57:45.0433 5172 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0433 5172 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0433 5172 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0433 5172 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0449 5172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0449 5172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0449 5172 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0449 5172 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0449 5172 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0449 5172 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0449 5172 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0449 5172 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0449 5172 omniserv ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0449 5172 omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0449 5172 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0449 5172 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0464 5172 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0464 5172 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:57:45.0464 5172 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user 10:57:45.0464 5172 WisLMSvc ( 
UnsignedFile.Multi.Generic ) - User select action: Skip |
30.03.2012, 14:30 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, the next steps? Then please run CF now:
__________________ ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
30.03.2012, 15:22 | #19 |
| 'System Check' virus, the next steps? ComboFix.txt: Code:
ATTFilter ComboFix 12-03-30.06 - TW 30.03.2012 15:58:11.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1852 [GMT 2:00] ausgeführt von:: c:\users\TW\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-28 bis 2012-03-30 )))))))))))))))))))))))))))))) . . 2012-03-30 11:23 . 2012-03-20 01:53 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2723853-4A1B-4C47-9679-38B1857CFF94}\mpengine.dll 2012-03-29 20:51 . 2012-03-29 20:51 -------- d-----w- C:\_OTL 2012-03-29 14:56 . 2012-03-29 14:56 -------- d-----w- c:\program files\ESET 2012-03-27 18:41 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-25 08:52 . 2012-03-25 08:52 -------- d-----w- c:\users\TW\AppData\Roaming\Malwarebytes 2012-03-25 08:51 . 2012-03-25 08:51 -------- d-----w- c:\programdata\Malwarebytes 2012-03-25 08:51 . 2012-03-27 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-14 12:09 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 12:09 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 12:09 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 12:09 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 12:09 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 12:09 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 12:09 . 
2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-14 12:09 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-29 11:20 . 2011-05-16 06:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 07:18 . 2009-11-18 17:34 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 10:32 . 2012-02-09 10:41 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-21 11:59 . 2011-03-25 18:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\TW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\TW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\TW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880] "Skytel"="Skytel.exe" [2008-06-25 1826816] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416] "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016] "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096] "LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java 
Update\jusched.exe" [2011-06-09 254696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2009-11-23 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{410461DA-0306-4776-BF7D-646263BF5FB7}: NameServer = 10.71.104.1 FF - ProfilePath - c:\users\TW\AppData\Roaming\Mozilla\Firefox\Profiles\qp7rt71g.default\ FF - prefs.js: browser.search.selectedEngine - IMDB FF - prefs.js: browser.startup.homepage - www.google.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file) HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-03-30 16:09 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3784) c:\users\TW\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\program files\Softex\OmniPass\OmniServ.exe c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Hotspot Shield\bin\openvpnas.exe c:\program files\Hotspot Shield\HssWPR\hsssrv.exe c:\program files\Hotspot Shield\bin\hsswd.exe c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\windows\system32\WUDFHost.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conime.exe c:\program files\Softex\OmniPass\opvapp.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-03-30 16:14:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-30 14:14 . Vor Suchlauf: 8 Verzeichnis(se), 62.536.663.040 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 62.158.897.152 Bytes frei . - - End Of File - - 1D868721FE4E8C6E1D7CC90ADFA46D66 |
30.03.2012, 15:45 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, the next steps? Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
__________________ Please always post log files in CODE tags |
30.03.2012, 21:37 | #21 | |
| 'System Check' virus, the next steps? Quote:
|
30.03.2012, 22:59 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, the next steps? Hm, four hours is quite a long time, but it didn't crash, or did it? If it did: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
|
30.03.2012, 22:59 | #23 | |
| 'System Check' virus, the next steps? Quote:
Gmer Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-03-30 18:30:04 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 Running: 7b52ocld.exe; Driver: C:\Users\TW\AppData\Local\Temp\pgldipoc.sys ---- System - GMER 1.0.15 ---- SSDT CE81452E ZwCreateSection SSDT CE814538 ZwRequestWaitReplyPort SSDT CE814533 ZwSetContextThread SSDT CE81453D ZwSetSecurityObject SSDT CE814542 ZwSystemDebugControl SSDT CE8144CF ZwTerminateProcess INT 0x51 ? C29932D0 INT 0x52 ? C59A4550 INT 0x61 ? C5D522D0 INT 0x62 ? C59A4050 INT 0x71 ? C5D52550 INT 0x72 ? C2993550 INT 0x82 ? C29937D0 INT 0x92 ? C2993A50 INT 0xA2 ? C59A4A50 INT 0xB0 ? C59A42D0 INT 0xB1 ? C2993CD0 INT 0xB2 ? C59A47D0 INT 0xB3 ? C59A4CD0 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 E2AFE998 4 Bytes [2E, 45, 81, CE] .text ntkrnlpa.exe!KeSetEvent + 539 E2AFECBC 4 Bytes [38, 45, 81, CE] {CMP [EBP-0x7f], AL; INTO } .text ntkrnlpa.exe!KeSetEvent + 56D E2AFECF0 4 Bytes [33, 45, 81, CE] {XOR EAX, [EBP-0x7f]; INTO } .text ntkrnlpa.exe!KeSetEvent + 5D1 E2AFED54 4 Bytes [3D, 45, 81, CE] .text ntkrnlpa.exe!KeSetEvent + 619 E2AFED9C 4 Bytes [42, 45, 81, CE] .text ... 
---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B7DA60] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73BFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73B9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a6523dd Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a6523dd@002567525762 0x39 0x0D 0x70 0xD7 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a6523dd (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a3a6523dd@002567525762 0x39 0x0D 0x70 0xD7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@{!s!\30!r!{!`!t!c!i!\24!t!j!s!y!s!\24! 19583823 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:41:59 on 30.03.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "Dynamically loaded UxdDrv" (uxddrv) - ? - f:\DIAGNOSE\WSTGER32\2PART\uxddrv.sys (File not found) "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? 
- C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "pgldipoc" (pgldipoc) - ? - C:\Users\TW\AppData\Local\Temp\pgldipoc.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - ? - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll (File not found) {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? 
- (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - ? - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll (File not found) {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - ? - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll (File not found) {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? - (File not found | COM-object registry key not found) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\TW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe" (File found, but it contains no detailed information) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonMyPrinter" - "CANON INC." 
- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe" "LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe" "LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0" "Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpf3l70w.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70w.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cisco Systems, Inc. 
VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe (File found, but it contains no detailed information) "Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe "Hotspot Shield Service" (hshld) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (File found, but it contains no detailed information) "Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (File found, but it contains no detailed information) "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "Inkjet Printer/Scanner Extended Survey Program" (IJPLMSVC) - ? 
- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-30 18:43:53
-----------------------------
18:43:53.761 OS Version: Windows 6.0.6002 Service Pack 2
18:43:53.761 Number of processors: 2 586 0xF0D
18:43:53.761 ComputerName: TW-PC UserName: TW
18:43:56.070 Initialize success
18:45:21.069 AVAST engine defs: 12033000
18:46:07.605 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:46:07.605 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
18:46:08.338 Disk 0 MBR read successfully
18:46:08.416 Disk 0 MBR scan
18:46:08.525 Disk 0 unknown MBR code
18:46:08.525 Disk 0 Partition - 00 0F Extended LBA 23218 MB offset 577584945
18:46:08.603 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 282023 MB offset 63
18:46:08.790 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 23218 MB offset 577585008
18:46:09.336 Disk 0 scanning sectors +625137345
18:46:09.929 Disk 0 scanning C:\Windows\system32\drivers
18:47:37.960 Service scanning
18:48:03.450 Modules scanning
18:49:13.104 Disk 0 trace - called modules:
18:49:13.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:49:13.135 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc4239ac8]
18:49:13.135 3 CLASSPNP.SYS[c8dae8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xc334f028]
18:49:14.071 AVAST engine scan C:\Windows
18:50:43.740 AVAST engine scan C:\Windows\system32
19:22:05.680 AVAST engine scan C:\Windows\system32\drivers
19:30:05.255 AVAST engine scan C:\Users\TW
23:13:46.144 AVAST engine scan C:\ProgramData
23:52:10.601 Scan finished successfully
23:53:11.660 Disk 0 MBR has been saved successfully to "C:\Users\TW\Desktop\MBR.dat"
23:53:11.691 The log file has been saved successfully to "C:\Users\TW\Desktop\aswMBR.txt" |
30.03.2012, 23:00 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, what are the next steps?
Oh, we happened to spam at the same time there.
Quote:
Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
03.04.2012, 22:15 | #25 |
| 'System Check' virus, what are the next steps?
^^ It took a bit longer this time, I had problems with my slow hard disk and the data backup... here is the log after the fix, I hope it is all correct, because it went so quickly...
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 19:11:36
-----------------------------
19:11:36.022 OS Version: Windows 6.0.6002 Service Pack 2
19:11:36.022 Number of processors: 2 586 0xF0D
19:11:36.037 ComputerName: TW-PC UserName: TW
19:12:05.444 Initialize success
19:13:44.665 AVAST engine defs: 12040301
19:15:37.424 Verifying
19:15:47.439 Disk 0 Windows 600 MBR fixed successfully
19:16:48.180 Disk 0 MBR has been saved successfully to "C:\Users\TW\Desktop\MBR.dat"
19:16:48.180 The log file has been saved successfully to "C:\Users\TW\Desktop\aswMBR-fix.txt"
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 22:26:56
-----------------------------
22:26:56.211 OS Version: Windows 6.0.6002 Service Pack 2
22:26:56.211 Number of processors: 2 586 0xF0D
22:26:56.211 ComputerName: TW-PC UserName: TW
22:26:57.583 Initialize success
22:27:03.214 AVAST engine defs: 12040301
22:27:06.022 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:27:06.022 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
22:27:06.038 Disk 0 MBR read successfully
22:27:06.038 Disk 0 MBR scan
22:27:06.038 Disk 0 Windows VISTA default MBR code
22:27:06.038 Disk 0 Partition - 00 0F Extended LBA 23218 MB offset 577584945
22:27:06.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 282023 MB offset 63
22:27:06.100 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 23218 MB offset 577585008
22:27:06.100 Disk 0 scanning sectors +625137345
22:27:06.194 Disk 0 scanning C:\Windows\system32\drivers
22:27:18.875 Service scanning
22:27:41.461 Modules scanning
22:27:46.047 Disk 0 trace - called modules:
22:27:46.047 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:27:46.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xc411aac8]
22:27:46.063 3 CLASSPNP.SYS[c8dad8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xc333e028]
22:27:47.654 AVAST engine scan C:\Windows
22:27:54.954 AVAST engine scan C:\Windows\system32
22:31:52.750 AVAST engine scan C:\Windows\system32\drivers
22:32:28.423 AVAST engine scan C:\Users\TW
22:58:19.550 AVAST engine scan C:\ProgramData
23:02:05.881 Scan finished successfully
23:04:15.175 Disk 0 MBR has been saved successfully to "C:\Users\TW\Desktop\MBR.dat"
23:04:15.175 The log file has been saved successfully to "C:\Users\TW\Desktop\aswMBRneu.txt" |
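An added example, not part of the thread and not aswMBR's own code: a small Python parser that reads the pre-fix and post-fix aswMBR logs posted above and reports what changed in the MBR verdict, the partition table and the disk driver stack. The log excerpts are copied from the two posts; the regular expressions and the function names `parse_aswmbr` and `compare` are assumptions derived from these lines only, not from any aswMBR format specification.

```python
import re

# Excerpts from the two aswMBR logs posted in this thread, one entry per line.
LOG_BEFORE_FIX = """\
18:46:08.338 Disk 0 MBR read successfully
18:46:08.416 Disk 0 MBR scan
18:46:08.525 Disk 0 unknown MBR code
18:46:08.525 Disk 0 Partition - 00 0F Extended LBA 23218 MB offset 577584945
18:46:08.603 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 282023 MB offset 63
18:46:08.790 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 23218 MB offset 577585008
18:49:13.104 Disk 0 trace - called modules:
18:49:13.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
"""
LOG_AFTER_FIX = """\
22:27:06.038 Disk 0 MBR read successfully
22:27:06.038 Disk 0 MBR scan
22:27:06.038 Disk 0 Windows VISTA default MBR code
22:27:06.038 Disk 0 Partition - 00 0F Extended LBA 23218 MB offset 577584945
22:27:06.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 282023 MB offset 63
22:27:06.100 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 23218 MB offset 577585008
22:27:46.047 Disk 0 trace - called modules:
22:27:46.047 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
"""

# Patterns inferred from the lines above (assumption, not a documented format).
ENTRY = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")
PARTITION = re.compile(r"^Disk (\d+) Partition (\S+)\s+(.+?)\s+(\d+) MB offset (\d+)$")
TRACE = re.compile(r"^Disk (\d+) trace - called modules:$")


def parse_aswmbr(text):
    """Extract MBR verdict, partition entries and disk driver stack per disk."""
    result = {"mbr_code": {}, "partitions": {}, "modules": {}}
    trace_disk = None  # set when the previous entry announced a module trace
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines without a timestamp
        msg = m.group(1).strip()
        if trace_disk is not None:
            # The entry right after the trace header lists the called modules.
            result["modules"][trace_disk] = msg.split()
            trace_disk = None
        elif (t := TRACE.match(msg)):
            trace_disk = int(t.group(1))
        elif (p := PARTITION.match(msg)):
            disk, slot, desc, size_mb, offset = p.groups()
            result["partitions"][(int(disk), slot)] = (desc, int(size_mb), int(offset))
        elif (c := MBR_CODE.match(msg)):
            result["mbr_code"][int(c.group(1))] = c.group(2)
    return result


def compare(before, after):
    """List what differs between two parsed logs, plus any unrecognised MBR."""
    findings = []
    for disk, code in sorted(after["mbr_code"].items()):
        old = before["mbr_code"].get(disk)
        if code == "unknown":
            findings.append(f"disk {disk}: MBR code still not recognised ({code})")
        elif code != old:
            findings.append(f"disk {disk}: MBR code '{old}' -> '{code}'")
    for key in sorted(set(before["partitions"]) | set(after["partitions"])):
        old, new = before["partitions"].get(key), after["partitions"].get(key)
        if old != new:
            findings.append(f"disk {key[0]} partition {key[1]}: {old} -> {new}")
    for disk in sorted(set(before["modules"]) | set(after["modules"])):
        old, new = before["modules"].get(disk, []), after["modules"].get(disk, [])
        if old != new:
            findings.append(f"disk {disk}: driver stack {old} -> {new}")
    return findings


if __name__ == "__main__":
    for finding in compare(parse_aswmbr(LOG_BEFORE_FIX), parse_aswmbr(LOG_AFTER_FIX)):
        print(finding)
```

For these two logs the only finding is the MBR code verdict changing; the three partition entries and the module list are identical before and after the fix.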
04.04.2012, 11:42 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, what are the next steps?
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
04.04.2012, 18:51 | #27 |
| 'System Check' virus, what are the next steps?
That's good to hear.
Malwarebytes
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.29.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
TW :: TW-PC [Administrator]
Schutz: Aktiviert
04.04.2012 14:51:58
mbam-log-2012-04-04 (14-51-58).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 430121
Laufzeit: 1 Stunde(n), 9 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/04/2012 at 07:43 PM
Application Version : 5.0.1146
Core Rules Database Version : 8415
Trace Rules Database Version: 6227
Scan type : Complete Scan
Total Scan Time : 02:01:21
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 719
Memory threats detected : 0
Registry items scanned : 37129
Registry threats detected : 0
File items scanned : 227140
File threats detected : 141
Adware.Tracking Cookie
|
04.04.2012, 22:16 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, what are the next steps?
Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie).
Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether he has released a new hosts file.
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
What I do is use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies of the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.
Is your system back in order now, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |
05.04.2012, 08:32 | #29 |
| 'System Check' virus, what are the next steps?
Thanks for this information, I will look into it more closely over the next few days. And many, many thanks for the competent and fast help in general! I can't even say how grateful I am for it and how much you have helped me, so a big !!!
To finish, a few more questions: which of all the programs that I had to download because of the virus can/should I remove again? |
05.04.2012, 10:09 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 'System Check' virus, what are the next steps?
Then we are done! The programs that were used here can all be removed again.
CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages.
With the help of OTL you can also remove many tools: please start OTL and click on Cleanup. This will remove most of the tools that we needed for the cleanup. If anything is left over, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords, if possible, after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide Windows Update
Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
While you are at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player
If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player
Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |