
Log analysis and evaluation: SMART HDD Virus

28.04.2012, 13:55   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Code:
:OTL
IE - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
[2012.01.25 22:24:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.04.24 21:29:57 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.04.24 21:29:45 | 000,000,000 | ---D | M] (AF-HSS Community Toolbar) -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}
[2009.05.01 03:19:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com
[2012.04.21 09:19:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin-1.xml
[2011.08.10 17:33:00 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin-2.xml
[2011.08.10 17:33:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin.gif
[2011.09.05 19:31:59 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin.xml
[2012.01.26 20:38:44 | 000,002,492 | ---- | M] () -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\ixquick-https.xml
[2012.03.08 20:03:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.18 20:34:11 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\prxtbAF-H.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2877927179-643342259-2355712644-1005\..\Toolbar\WebBrowser: (AF-HSS Toolbar) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Programme\AF-HSS\prxtbAF-H.dll (Conduit Ltd.)
O4 - HKLM..\Run: [hjOouWQXnIVMkvP.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hjOouWQXnIVMkvP.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5555176a-e511-11db-8eb6-00197d701563}\Shell - "" = AutoRun
O33 - MountPoints2\{5555176a-e511-11db-8eb6-00197d701563}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5555176a-e511-11db-8eb6-00197d701563}\Shell\AutoRun\command - "" = E:\pushinst.exe
[2012.04.21 09:40:05 | 000,000,184 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-EwmfT2yvtLhHB7r
[2012.04.21 09:40:05 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-EwmfT2yvtLhHB7
[2012.04.21 09:39:58 | 000,000,256 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EwmfT2yvtLhHB7
[2007.04.06 09:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\ICQ Toolbar
@Alternate Data Stream - 108 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B623B5B8
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

29.04.2012, 14:35   #17
poof
 
I ran everything through as described.

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Prefs.js: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" removed from browser.search.defaulturl
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr
Prefs.js: "moz2-ytff-" removed from browser.search.param.yahoo-fr-cjkt
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\components folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\{f0381dbd-e018-4e07-ae40-d96ab15083f0} folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com\platform folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com\components folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\extensions\moveplayer@movenetworks.com folder moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin.gif moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\icqplugin.xml moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\searchplugins\ixquick-https.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{f0381dbd-e018-4e07-ae40-d96ab15083f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\ deleted successfully.
File HSS\prxtbAF-H.dll not found.
Registry value HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
Registry value HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-2877927179-643342259-2355712644-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0381DBD-E018-4E07-AE40-D96AB15083F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}\ not found.
File HSS\prxtbAF-H.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hjOouWQXnIVMkvP.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5555176a-e511-11db-8eb6-00197d701563}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5555176a-e511-11db-8eb6-00197d701563}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5555176a-e511-11db-8eb6-00197d701563}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5555176a-e511-11db-8eb6-00197d701563}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5555176a-e511-11db-8eb6-00197d701563}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5555176a-e511-11db-8eb6-00197d701563}\ not found.
File E:\pushinst.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-EwmfT2yvtLhHB7r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-EwmfT2yvtLhHB7 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EwmfT2yvtLhHB7 moved successfully.
C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\ICQ Toolbar folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B623B5B8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4580831 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154986669 bytes
 
User: Sam
->Temp folder emptied: 19087412 bytes
->Temporary Internet Files folder emptied: 14846766 bytes
->Java cache emptied: 19808743 bytes
->FireFox cache emptied: 175381065 bytes
->Google Chrome cache emptied: 6268478 bytes
->Apple Safari cache emptied: 1831936 bytes
->Flash cache emptied: 3833234 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2953095 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42120 bytes
RecycleBin emptied: 11649286 bytes
 
Total Files Cleaned = 396,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
User: Sam
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 04292012_152811

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
__________________
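An added example, not part of the original posts and not OTL's own code: a fix log like the one above mixes "moved/deleted successfully" lines with many "not found" lines, and the sketch below separates "not found" entries whose target was already moved or deleted earlier in the same log from those the fix never touched. The sample lines are copied from the log in this thread; the function name and the repeat/untouched split are assumptions of this example, not documented OTL behaviour.

```python
import re
from typing import Dict, List

# A small selection of lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""
C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0381dbd-e018-4e07-ae40-d96ab15083f0}\ deleted successfully.
File HSS\prxtbAF-H.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}\ not found.
File E:\pushinst.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EwmfT2yvtLhHB7 moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B623B5B8 deleted successfully.
"""

# One result line: optional object kind, the target, optional " folder",
# then one of the three outcomes seen in the log.
RESULT = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File|Folder|ADS)\s+)?"
    r"(?P<target>.+?)(?:\s+folder)?\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def normalise(target: str) -> str:
    """Compare targets without trailing backslash and without case (GUID case varies)."""
    return target.rstrip("\\").lower()


def triage_not_found(log: str) -> Dict[str, List[str]]:
    """Split 'not found' targets into repeats of handled objects and untouched ones."""
    handled = set()
    report: Dict[str, List[str]] = {"repeat": [], "untouched": []}
    for line in log.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue  # section headers, cache statistics, blank lines
        key = normalise(m["target"])
        if m["outcome"] == "not found":
            bucket = "repeat" if key in handled else "untouched"
            report[bucket].append(m["target"])
        else:
            handled.add(key)
    return report


if __name__ == "__main__":
    result = triage_not_found(SAMPLE_LOG)
    for bucket, targets in result.items():
        print(bucket)
        for target in targets:
            print("   ", target)
```

In the thread's log the untouched file entry reads `HSS\prxtbAF-H.dll`, while the fix script named `C:\Programme\AF-HSS\prxtbAF-H.dll`, so that file is one to check by hand.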


30.04.2012, 12:20   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the image below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

__________________
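An added example, not part of the original posts and not Kaspersky's code: the TDSS-Killer report lists every driver and service, most of them with the verdict "ok", so the sketch below pairs each object's hash and path line with its verdict line and returns only the entries flagged as something other than "ok". The sample lines are copied from the report posted in this thread (whitespace normalised); the names `parse_verdicts` and `flagged_objects` are assumptions of this example.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Lines copied from the TDSS-Killer report in this thread: "time thread-id text".
SAMPLE_REPORT = r"""
15:23:30.0500 1848 Scan started
15:23:30.0859 1848 Abiosdsk - ok
15:23:33.0109 1848 ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:23:33.0359 1848 ACPI - ok
15:23:36.0515 1848 APPDRV          (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:23:36.0546 1848 APPDRV ( UnsignedFile.Multi.Generic ) - warning
15:23:36.0546 1848 APPDRV - detected UnsignedFile.Multi.Generic (1)
15:23:36.0640 1848 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:23:36.0656 1848 Apple Mobile Device - ok
"""

# Timestamp, thread id, then the message text.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "name (32-hex-digit hash) path": the file behind a driver or service.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "name - ok" or "name ( Detection.Name ) - warning".
VERDICT = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<detection>[^()]+?)\s*\))?\s+-\s+(?P<status>\w+)$"
)


class Finding(NamedTuple):
    name: str
    status: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_verdicts(report: str) -> List[Finding]:
    """Return one Finding per verdict line, joined with the object's hash and path."""
    files: Dict[str, Tuple[str, str]] = {}  # object name -> (md5, path)
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        text = line.group(3).strip()
        obj = OBJECT.match(text)
        if obj:
            files[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        verdict = VERDICT.match(text)
        if verdict:
            # Objects without a file on disk have no hash/path line before the verdict.
            md5, path = files.get(verdict["name"], (None, None))
            findings.append(
                Finding(verdict["name"], verdict["status"], verdict["detection"], md5, path)
            )
    return findings


def flagged_objects(report: str) -> List[Finding]:
    """Keep only the objects whose verdict is not 'ok'."""
    return [f for f in parse_verdicts(report) if f.status != "ok"]


if __name__ == "__main__":
    for f in flagged_objects(SAMPLE_REPORT):
        print(f"{f.name}: {f.status} ({f.detection}) md5={f.md5} path={f.path}")
```

The hash and path attached to each flagged entry are what a helper needs to assess the file while the object itself is left on "skip".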

30.04.2012, 14:31   #19
poof
 
Here are the logs:

Code:
15:23:00.0734 3696	TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:23:01.0062 3696	============================================================
15:23:01.0062 3696	Current date / time: 2012/04/30 15:23:01.0062
15:23:01.0062 3696	SystemInfo:
15:23:01.0062 3696	
15:23:01.0062 3696	OS Version: 5.1.2600 ServicePack: 3.0
15:23:01.0062 3696	Product type: Workstation
15:23:01.0062 3696	ComputerName: TINA
15:23:01.0062 3696	UserName: Sam
15:23:01.0062 3696	Windows directory: C:\WINDOWS
15:23:01.0062 3696	System windows directory: C:\WINDOWS
15:23:01.0062 3696	Processor architecture: Intel x86
15:23:01.0062 3696	Number of processors: 2
15:23:01.0062 3696	Page size: 0x1000
15:23:01.0062 3696	Boot type: Normal boot
15:23:01.0062 3696	============================================================
15:23:02.0640 3696	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:23:02.0656 3696	============================================================
15:23:02.0656 3696	\Device\Harddisk0\DR0:
15:23:02.0671 3696	MBR partitions:
15:23:02.0671 3696	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x94E7137
15:23:02.0671 3696	============================================================
15:23:02.0890 3696	C: <-> \Device\Harddisk0\DR0\Partition0
15:23:02.0906 3696	============================================================
15:23:02.0906 3696	Initialize success
15:23:02.0906 3696	============================================================
15:23:30.0500 1848	============================================================
15:23:30.0500 1848	Scan started
15:23:30.0500 1848	Mode: Manual; SigCheck; TDLFS; 
15:23:30.0500 1848	============================================================
15:23:30.0765 1848	22f6a6a7-fb36-431b-a8d2-f1784bfa8728 - ok
15:23:30.0859 1848	Abiosdsk - ok
15:23:30.0875 1848	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:23:33.0046 1848	abp480n5 - ok
15:23:33.0109 1848	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:23:33.0359 1848	ACPI - ok
15:23:33.0453 1848	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:23:33.0593 1848	ACPIEC - ok
15:23:33.0687 1848	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:23:33.0703 1848	AdobeFlashPlayerUpdateSvc - ok
15:23:33.0734 1848	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:23:33.0859 1848	adpu160m - ok
15:23:33.0906 1848	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:23:34.0078 1848	aec - ok
15:23:34.0125 1848	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:23:34.0234 1848	AFD - ok
15:23:34.0250 1848	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:23:34.0421 1848	agp440 - ok
15:23:34.0531 1848	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:23:34.0703 1848	agpCPQ - ok
15:23:34.0812 1848	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:23:34.0906 1848	Aha154x - ok
15:23:34.0921 1848	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:23:35.0078 1848	aic78u2 - ok
15:23:35.0078 1848	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:23:35.0234 1848	aic78xx - ok
15:23:35.0281 1848	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
15:23:35.0406 1848	Alerter - ok
15:23:35.0437 1848	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
15:23:35.0578 1848	ALG - ok
15:23:35.0609 1848	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:23:35.0718 1848	AliIde - ok
15:23:35.0750 1848	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:23:35.0906 1848	alim1541 - ok
15:23:35.0937 1848	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:23:36.0093 1848	amdagp - ok
15:23:36.0109 1848	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:23:36.0187 1848	amsint - ok
15:23:36.0296 1848	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
15:23:36.0328 1848	AntiVirSchedulerService - ok
15:23:36.0359 1848	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
15:23:36.0375 1848	AntiVirService - ok
15:23:36.0406 1848	ApfiltrService  (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
15:23:36.0484 1848	ApfiltrService - ok
15:23:36.0515 1848	APPDRV          (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:23:36.0546 1848	APPDRV ( UnsignedFile.Multi.Generic ) - warning
15:23:36.0546 1848	APPDRV - detected UnsignedFile.Multi.Generic (1)
15:23:36.0640 1848	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:23:36.0656 1848	Apple Mobile Device - ok
15:23:36.0687 1848	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
15:23:36.0890 1848	AppMgmt - ok
15:23:37.0000 1848	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:23:37.0140 1848	Arp1394 - ok
15:23:37.0156 1848	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:23:37.0296 1848	asc - ok
15:23:37.0328 1848	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:23:37.0406 1848	asc3350p - ok
15:23:37.0453 1848	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:23:37.0625 1848	asc3550 - ok
15:23:37.0812 1848	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:23:37.0859 1848	aspnet_state - ok
15:23:37.0875 1848	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:23:38.0015 1848	AsyncMac - ok
15:23:38.0046 1848	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:23:38.0187 1848	atapi - ok
15:23:38.0187 1848	Atdisk - ok
15:23:38.0265 1848	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:23:38.0453 1848	Atmarpc - ok
15:23:38.0578 1848	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
15:23:38.0718 1848	AudioSrv - ok
15:23:38.0750 1848	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:23:38.0906 1848	audstub - ok
15:23:38.0953 1848	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:23:39.0515 1848	avgntflt - ok
15:23:39.0625 1848	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:23:39.0656 1848	avipbb - ok
15:23:39.0687 1848	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:23:39.0718 1848	avkmgr - ok
15:23:39.0750 1848	AVMWAN          (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
15:23:39.0953 1848	AVMWAN - ok
15:23:40.0093 1848	BCM43XX         (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:23:40.0218 1848	BCM43XX - ok
15:23:40.0234 1848	bcm4sbxp        (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
15:23:40.0296 1848	bcm4sbxp - ok
15:23:40.0328 1848	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:23:40.0468 1848	Beep - ok
15:23:40.0515 1848	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
15:23:40.0750 1848	BITS - ok
15:23:40.0843 1848	Bluetooth Hid Switch Service (b26e18adaa16e507166e3b61e79a1e25) C:\Programme\BlueTooth\HidSwitchService\HidSw.exe
15:23:40.0875 1848	Bluetooth Hid Switch Service ( UnsignedFile.Multi.Generic ) - warning
15:23:40.0875 1848	Bluetooth Hid Switch Service - detected UnsignedFile.Multi.Generic (1)
15:23:40.0968 1848	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
15:23:41.0000 1848	Bonjour Service - ok
15:23:41.0046 1848	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
15:23:41.0171 1848	Browser - ok
15:23:41.0203 1848	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:23:41.0390 1848	cbidf - ok
15:23:41.0390 1848	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:23:41.0546 1848	cbidf2k - ok
15:23:41.0656 1848	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:23:41.0734 1848	cd20xrnt - ok
15:23:41.0765 1848	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:23:41.0906 1848	Cdaudio - ok
15:23:41.0953 1848	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:23:42.0062 1848	Cdfs - ok
15:23:42.0093 1848	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:23:42.0250 1848	Cdrom - ok
15:23:42.0250 1848	Changer - ok
15:23:42.0281 1848	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
15:23:42.0421 1848	CiSvc - ok
15:23:42.0453 1848	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
15:23:42.0578 1848	ClipSrv - ok
15:23:42.0671 1848	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:23:42.0750 1848	clr_optimization_v2.0.50727_32 - ok
15:23:42.0781 1848	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:23:42.0921 1848	CmBatt - ok
15:23:42.0968 1848	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:23:43.0125 1848	CmdIde - ok
15:23:43.0140 1848	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:23:43.0343 1848	Compbatt - ok
15:23:43.0343 1848	COMSysApp - ok
15:23:43.0390 1848	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:23:43.0531 1848	Cpqarray - ok
15:23:43.0562 1848	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
15:23:43.0703 1848	CryptSvc - ok
15:23:43.0750 1848	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:23:43.0906 1848	dac2w2k - ok
15:23:43.0937 1848	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:23:44.0109 1848	dac960nt - ok
15:23:44.0156 1848	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
15:23:44.0281 1848	DcomLaunch - ok
15:23:44.0328 1848	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
15:23:44.0468 1848	Dhcp - ok
15:23:44.0515 1848	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:23:44.0687 1848	Disk - ok
15:23:44.0687 1848	dmadmin - ok
15:23:44.0843 1848	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
15:23:45.0109 1848	dmboot - ok
15:23:45.0140 1848	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
15:23:45.0250 1848	dmio - ok
15:23:45.0312 1848	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:23:45.0453 1848	dmload - ok
15:23:45.0500 1848	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
15:23:45.0609 1848	dmserver - ok
15:23:45.0640 1848	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:23:45.0765 1848	DMusic - ok
15:23:45.0796 1848	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
15:23:45.0890 1848	Dnscache - ok
15:23:45.0937 1848	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
15:23:46.0062 1848	Dot3svc - ok
15:23:46.0109 1848	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:23:46.0234 1848	dpti2o - ok
15:23:46.0296 1848	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:23:46.0421 1848	drmkaud - ok
15:23:46.0484 1848	DSproct         (2ac2372ffad9adc85672cc8e8ae14be9) C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
15:23:46.0484 1848	DSproct ( UnsignedFile.Multi.Generic ) - warning
15:23:46.0484 1848	DSproct - detected UnsignedFile.Multi.Generic (1)
15:23:46.0515 1848	E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:23:46.0656 1848	E100B - ok
15:23:46.0703 1848	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
15:23:46.0828 1848	EapHost - ok
15:23:46.0875 1848	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
15:23:47.0000 1848	ERSvc - ok
15:23:47.0046 1848	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
15:23:47.0093 1848	Eventlog - ok
15:23:47.0140 1848	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
15:23:47.0187 1848	EventSystem - ok
15:23:47.0234 1848	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:23:47.0359 1848	Fastfat - ok
15:23:47.0406 1848	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:23:47.0515 1848	FastUserSwitchingCompatibility - ok
15:23:47.0578 1848	Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe
15:23:47.0796 1848	Fax - ok
15:23:47.0890 1848	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:23:48.0000 1848	Fdc - ok
15:23:48.0015 1848	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
15:23:48.0156 1848	Fips - ok
15:23:48.0187 1848	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:23:48.0328 1848	Flpydisk - ok
15:23:48.0390 1848	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:23:48.0531 1848	FltMgr - ok
15:23:48.0671 1848	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:23:48.0687 1848	FontCache3.0.0.0 - ok
15:23:48.0718 1848	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:23:48.0859 1848	Fs_Rec - ok
15:23:48.0890 1848	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:23:49.0031 1848	Ftdisk - ok
15:23:49.0078 1848	FWLANUSB        (b45f1df1cce34e2af422f0ed78cd70ef) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
15:23:49.0171 1848	FWLANUSB - ok
15:23:49.0234 1848	fxusbase        (ceaee19e1cb8e12e33cf5be90b39eb6d) C:\WINDOWS\system32\DRIVERS\fxusbase.sys
15:23:49.0484 1848	fxusbase - ok
15:23:49.0531 1848	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:23:49.0546 1848	GEARAspiWDM - ok
15:23:49.0578 1848	ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
15:23:49.0593 1848	ggflt - ok
15:23:49.0625 1848	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
15:23:49.0640 1848	ggsemc - ok
15:23:49.0656 1848	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:23:49.0796 1848	Gpc - ok
15:23:49.0843 1848	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:23:49.0984 1848	HDAudBus - ok
15:23:50.0062 1848	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:23:50.0218 1848	helpsvc - ok
15:23:50.0218 1848	HidServ - ok
15:23:50.0328 1848	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:23:50.0500 1848	HidUsb - ok
15:23:50.0531 1848	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
15:23:50.0703 1848	hkmsvc - ok
15:23:50.0718 1848	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:23:50.0843 1848	hpn - ok
15:23:50.0921 1848	HSF_DPV         (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
15:23:51.0062 1848	HSF_DPV - ok
15:23:51.0078 1848	HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
15:23:51.0125 1848	HSXHWAZL - ok
15:23:51.0171 1848	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:23:51.0265 1848	HTTP - ok
15:23:51.0296 1848	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
15:23:51.0437 1848	HTTPFilter - ok
15:23:51.0468 1848	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:23:51.0609 1848	i2omgmt - ok
15:23:51.0625 1848	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:23:51.0765 1848	i2omp - ok
15:23:51.0796 1848	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:23:51.0937 1848	i8042prt - ok
15:23:52.0046 1848	ialm            (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:23:52.0265 1848	ialm - ok
15:23:52.0359 1848	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:23:52.0375 1848	IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:23:52.0375 1848	IDriverT - detected UnsignedFile.Multi.Generic (1)
15:23:52.0546 1848	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:23:52.0609 1848	idsvc - ok
15:23:52.0703 1848	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:23:52.0843 1848	Imapi - ok
15:23:52.0875 1848	ImapiService - ok
15:23:52.0890 1848	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:23:53.0031 1848	ini910u - ok
15:23:53.0062 1848	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:23:53.0203 1848	IntelIde - ok
15:23:53.0250 1848	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:23:53.0390 1848	intelppm - ok
15:23:53.0406 1848	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:23:53.0515 1848	Ip6Fw - ok
15:23:53.0531 1848	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:23:53.0656 1848	IpFilterDriver - ok
15:23:53.0718 1848	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:23:53.0843 1848	IpInIp - ok
15:23:53.0890 1848	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:23:54.0046 1848	IpNat - ok
15:23:54.0171 1848	iPod Service    (49918803b661367023bf325cf602afdc) C:\Programme\iPod\bin\iPodService.exe
15:23:54.0234 1848	iPod Service - ok
15:23:54.0265 1848	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:23:54.0406 1848	IPSec - ok
15:23:54.0421 1848	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:23:54.0593 1848	IRENUM - ok
15:23:54.0625 1848	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:23:54.0781 1848	isapnp - ok
15:23:54.0906 1848	JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Programme\Java\jre6\bin\jqs.exe
15:23:54.0937 1848	JavaQuickStarterService - ok
15:23:54.0953 1848	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:23:55.0109 1848	Kbdclass - ok
15:23:55.0140 1848	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:23:55.0296 1848	kmixer - ok
15:23:55.0406 1848	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:23:55.0515 1848	KSecDD - ok
15:23:55.0562 1848	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
15:23:55.0687 1848	lanmanserver - ok
15:23:55.0718 1848	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
15:23:55.0781 1848	lanmanworkstation - ok
15:23:55.0781 1848	lbrtfdc - ok
15:23:55.0828 1848	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
15:23:56.0031 1848	LmHosts - ok
15:23:56.0062 1848	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:23:56.0109 1848	mdmxsdk - ok
15:23:56.0156 1848	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
15:23:56.0265 1848	Messenger - ok
15:23:56.0328 1848	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
15:23:56.0343 1848	Microsoft Office Groove Audit Service - ok
15:23:56.0390 1848	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:23:56.0531 1848	mnmdd - ok
15:23:56.0578 1848	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
15:23:56.0734 1848	mnmsrvc - ok
15:23:56.0765 1848	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
15:23:56.0921 1848	Modem - ok
15:23:56.0937 1848	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:23:57.0093 1848	Mouclass - ok
15:23:57.0203 1848	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:23:57.0343 1848	mouhid - ok
15:23:57.0359 1848	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:23:57.0484 1848	MountMgr - ok
15:23:57.0500 1848	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:23:57.0609 1848	mraid35x - ok
15:23:57.0656 1848	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:23:57.0781 1848	MRxDAV - ok
15:23:57.0843 1848	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:23:57.0968 1848	MRxSmb - ok
15:23:58.0000 1848	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
15:23:58.0140 1848	MSDTC - ok
15:23:58.0156 1848	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:23:58.0296 1848	Msfs - ok
15:23:58.0296 1848	MSIServer - ok
15:23:58.0328 1848	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:23:58.0515 1848	MSKSSRV - ok
15:23:58.0531 1848	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:23:58.0656 1848	MSPCLOCK - ok
15:23:58.0656 1848	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:23:58.0796 1848	MSPQM - ok
15:23:58.0828 1848	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:23:58.0968 1848	mssmbios - ok
15:23:59.0000 1848	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:23:59.0046 1848	Mup - ok
15:23:59.0078 1848	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
15:23:59.0218 1848	napagent - ok
15:23:59.0390 1848	NBService       (89844c3d3a7aae8999e229c88e452633) C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
15:23:59.0484 1848	NBService ( UnsignedFile.Multi.Generic ) - warning
15:23:59.0484 1848	NBService - detected UnsignedFile.Multi.Generic (1)
15:23:59.0531 1848	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:23:59.0703 1848	NDIS - ok
15:23:59.0734 1848	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:23:59.0812 1848	NdisTapi - ok
15:23:59.0828 1848	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:24:00.0031 1848	Ndisuio - ok
15:24:00.0140 1848	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:24:00.0281 1848	NdisWan - ok
15:24:00.0312 1848	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:24:00.0375 1848	NDProxy - ok
15:24:00.0406 1848	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:24:00.0531 1848	NetBIOS - ok
15:24:00.0562 1848	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:24:00.0781 1848	NetBT - ok
15:24:00.0828 1848	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
15:24:00.0953 1848	NetDDE - ok
15:24:00.0953 1848	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
15:24:01.0062 1848	NetDDEdsdm - ok
15:24:01.0171 1848	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:24:01.0296 1848	Netlogon - ok
15:24:01.0328 1848	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
15:24:01.0468 1848	Netman - ok
15:24:01.0562 1848	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:24:01.0593 1848	NetTcpPortSharing - ok
15:24:01.0640 1848	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:24:01.0812 1848	NIC1394 - ok
15:24:01.0937 1848	NICCONFIGSVC    (8a6fa8e0b302df2496802aafda5ce810) C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
15:24:02.0000 1848	NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - warning
15:24:02.0000 1848	NICCONFIGSVC - detected UnsignedFile.Multi.Generic (1)
15:24:02.0046 1848	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
15:24:02.0109 1848	Nla - ok
15:24:02.0187 1848	NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
15:24:02.0234 1848	NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
15:24:02.0234 1848	NMIndexingService - detected UnsignedFile.Multi.Generic (1)
15:24:02.0265 1848	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:24:02.0421 1848	Npfs - ok
15:24:02.0484 1848	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:24:02.0734 1848	Ntfs - ok
15:24:02.0828 1848	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:24:02.0937 1848	NtLmSsp - ok
15:24:03.0000 1848	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
15:24:03.0203 1848	NtmsSvc - ok
15:24:03.0250 1848	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:24:03.0421 1848	Null - ok
15:24:03.0546 1848	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:24:03.0765 1848	nv - ok
15:24:03.0843 1848	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:24:04.0015 1848	NwlnkFlt - ok
15:24:04.0109 1848	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:24:04.0296 1848	NwlnkFwd - ok
15:24:04.0500 1848	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
15:24:04.0531 1848	odserv - ok
15:24:04.0578 1848	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:24:04.0703 1848	ohci1394 - ok
15:24:04.0750 1848	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
15:24:04.0781 1848	ose - ok
15:24:04.0812 1848	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
15:24:05.0000 1848	Parport - ok
15:24:05.0000 1848	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:24:05.0109 1848	PartMgr - ok
15:24:05.0218 1848	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
15:24:05.0359 1848	ParVdm - ok
15:24:05.0375 1848	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
15:24:05.0515 1848	PCI - ok
15:24:05.0515 1848	PCIDump - ok
15:24:05.0531 1848	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:24:05.0671 1848	PCIIde - ok
15:24:05.0703 1848	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:24:05.0875 1848	Pcmcia - ok
15:24:05.0875 1848	PDCOMP - ok
15:24:05.0875 1848	PDFRAME - ok
15:24:05.0890 1848	PDRELI - ok
15:24:05.0890 1848	PDRFRAME - ok
15:24:05.0984 1848	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:24:06.0140 1848	perc2 - ok
15:24:06.0234 1848	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:24:06.0390 1848	perc2hib - ok
15:24:06.0437 1848	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
15:24:06.0453 1848	PlugPlay - ok
15:24:06.0484 1848	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:24:06.0609 1848	PolicyAgent - ok
15:24:06.0640 1848	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:24:06.0781 1848	PptpMiniport - ok
15:24:06.0781 1848	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:24:06.0890 1848	ProtectedStorage - ok
15:24:06.0984 1848	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:24:07.0125 1848	PSched - ok
15:24:07.0171 1848	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:24:07.0312 1848	Ptilink - ok
15:24:07.0359 1848	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:24:07.0359 1848	PxHelp20 - ok
15:24:07.0390 1848	PzWDM           (36cf3653d367cbc72a38625543f3d4d1) C:\WINDOWS\system32\Drivers\PzWDM.sys
15:24:07.0406 1848	PzWDM ( UnsignedFile.Multi.Generic ) - warning
15:24:07.0406 1848	PzWDM - detected UnsignedFile.Multi.Generic (1)
15:24:07.0468 1848	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:24:07.0609 1848	ql1080 - ok
15:24:07.0625 1848	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:24:07.0781 1848	Ql10wnt - ok
15:24:07.0875 1848	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:24:08.0015 1848	ql12160 - ok
15:24:08.0125 1848	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:24:08.0265 1848	ql1240 - ok
15:24:08.0375 1848	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:24:08.0546 1848	ql1280 - ok
15:24:08.0562 1848	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:24:08.0765 1848	RasAcd - ok
15:24:08.0859 1848	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
15:24:09.0000 1848	RasAuto - ok
15:24:09.0031 1848	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:24:09.0171 1848	Rasl2tp - ok
15:24:09.0218 1848	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
15:24:09.0343 1848	RasMan - ok
15:24:09.0375 1848	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:24:09.0546 1848	RasPppoe - ok
15:24:09.0578 1848	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:24:09.0718 1848	Raspti - ok
15:24:09.0828 1848	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:24:10.0000 1848	Rdbss - ok
15:24:10.0031 1848	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:24:10.0171 1848	RDPCDD - ok
15:24:10.0234 1848	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:24:10.0406 1848	rdpdr - ok
15:24:10.0453 1848	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:24:10.0515 1848	RDPWD - ok
15:24:10.0562 1848	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
15:24:10.0703 1848	RDSessMgr - ok
15:24:10.0750 1848	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:24:10.0953 1848	redbook - ok
15:24:11.0031 1848	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
15:24:11.0171 1848	RemoteAccess - ok
15:24:11.0218 1848	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
15:24:11.0359 1848	RemoteRegistry - ok
15:24:11.0421 1848	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
15:24:11.0562 1848	RpcLocator - ok
15:24:11.0625 1848	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
15:24:11.0671 1848	RpcSs - ok
15:24:11.0734 1848	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
15:24:11.0875 1848	RSVP - ok
15:24:11.0906 1848	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:24:12.0046 1848	SamSs - ok
15:24:12.0140 1848	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
15:24:12.0296 1848	SCardSvr - ok
15:24:12.0406 1848	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
15:24:12.0562 1848	Schedule - ok
15:24:12.0609 1848	sdcplh          (dac1594437cd44ff57fafc71256fe7f3) C:\WINDOWS\system32\drivers\sdcplh.sys
15:24:12.0640 1848	sdcplh ( UnsignedFile.Multi.Generic ) - warning
15:24:12.0640 1848	sdcplh - detected UnsignedFile.Multi.Generic (1)
15:24:12.0687 1848	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:24:12.0859 1848	Secdrv - ok
15:24:12.0953 1848	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
15:24:13.0093 1848	seclogon - ok
15:24:13.0125 1848	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
15:24:13.0250 1848	SENS - ok
15:24:13.0296 1848	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:24:13.0406 1848	serenum - ok
15:24:13.0421 1848	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
15:24:13.0578 1848	Serial - ok
15:24:13.0609 1848	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:24:13.0750 1848	Sfloppy - ok
15:24:13.0812 1848	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
15:24:13.0984 1848	SharedAccess - ok
15:24:14.0031 1848	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:24:14.0062 1848	ShellHWDetection - ok
15:24:14.0078 1848	Simbad - ok
15:24:14.0109 1848	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:24:14.0250 1848	sisagp - ok
15:24:14.0312 1848	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:24:14.0406 1848	Sparrow - ok
15:24:14.0453 1848	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:24:14.0562 1848	splitter - ok
15:24:14.0593 1848	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:24:14.0671 1848	Spooler - ok
15:24:14.0718 1848	sptd            (73205bd9a388639c210636793fe3fd61) C:\WINDOWS\System32\Drivers\sptd.sys
15:24:14.0765 1848	sptd - ok
15:24:14.0796 1848	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
15:24:14.0921 1848	sr - ok
15:24:15.0000 1848	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
15:24:15.0125 1848	srservice - ok
15:24:15.0187 1848	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:24:15.0296 1848	Srv - ok
15:24:15.0328 1848	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
15:24:15.0453 1848	SSDPSRV - ok
15:24:15.0500 1848	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:24:15.0500 1848	ssmdrv - ok
15:24:15.0593 1848	STHDA           (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
15:24:15.0750 1848	STHDA - ok
15:24:15.0796 1848	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
15:24:15.0953 1848	stisvc - ok
15:24:16.0015 1848	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:24:16.0156 1848	swenum - ok
15:24:16.0187 1848	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:24:16.0296 1848	swmidi - ok
15:24:16.0296 1848	SwPrv - ok
15:24:16.0421 1848	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:24:16.0562 1848	symc810 - ok
15:24:16.0578 1848	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:24:16.0718 1848	symc8xx - ok
15:24:16.0718 1848	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:24:16.0843 1848	sym_hi - ok
15:24:16.0859 1848	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:24:16.0968 1848	sym_u3 - ok
15:24:17.0078 1848	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:24:17.0187 1848	sysaudio - ok
15:24:17.0250 1848	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
15:24:17.0375 1848	SysmonLog - ok
15:24:17.0453 1848	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
15:24:17.0593 1848	TapiSrv - ok
15:24:17.0656 1848	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:24:17.0718 1848	Tcpip - ok
15:24:17.0750 1848	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:24:17.0890 1848	TDPIPE - ok
15:24:17.0906 1848	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:24:18.0031 1848	TDTCP - ok
15:24:18.0046 1848	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:24:18.0187 1848	TermDD - ok
15:24:18.0234 1848	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
15:24:18.0390 1848	TermService - ok
15:24:18.0437 1848	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:24:18.0453 1848	Themes - ok
15:24:18.0484 1848	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
15:24:18.0625 1848	TlntSvr - ok
15:24:18.0640 1848	toshidpt        (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
15:24:18.0640 1848	toshidpt ( UnsignedFile.Multi.Generic ) - warning
15:24:18.0640 1848	toshidpt - detected UnsignedFile.Multi.Generic (1)
15:24:18.0671 1848	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
15:24:18.0796 1848	TosIde - ok
15:24:18.0812 1848	tosporte        (aeb0a824ddb4f3cc7b476174c8692d47) C:\WINDOWS\system32\DRIVERS\tosporte.sys
15:24:18.0828 1848	tosporte ( UnsignedFile.Multi.Generic ) - warning
15:24:18.0828 1848	tosporte - detected UnsignedFile.Multi.Generic (1)
15:24:18.0890 1848	Tosrfbd         (c1e77b1033969ea316c76f61adff2ad1) C:\WINDOWS\system32\Drivers\tosrfbd.sys
15:24:18.0921 1848	Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
15:24:18.0921 1848	Tosrfbd - detected UnsignedFile.Multi.Generic (1)
15:24:18.0921 1848	Tosrfbnp        (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
15:24:18.0937 1848	Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
15:24:18.0937 1848	Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
15:24:18.0968 1848	Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
15:24:18.0968 1848	Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
15:24:18.0968 1848	Tosrfcom - detected UnsignedFile.Multi.Generic (1)
15:24:18.0984 1848	Tosrfhid        (7dfd6b1077b3ff19877fd67a04fed2a2) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
15:24:19.0000 1848	Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
15:24:19.0000 1848	Tosrfhid - detected UnsignedFile.Multi.Generic (1)
15:24:19.0000 1848	tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
15:24:19.0031 1848	tosrfnds ( UnsignedFile.Multi.Generic ) - warning
15:24:19.0031 1848	tosrfnds - detected UnsignedFile.Multi.Generic (1)
15:24:19.0062 1848	TosRfSnd        (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
15:24:19.0093 1848	TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
15:24:19.0093 1848	TosRfSnd - detected UnsignedFile.Multi.Generic (1)
15:24:19.0125 1848	Tosrfusb        (730a65f13398a1737f1a78a7b1620ec6) C:\WINDOWS\system32\Drivers\tosrfusb.sys
15:24:19.0156 1848	Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
15:24:19.0156 1848	Tosrfusb - detected UnsignedFile.Multi.Generic (1)
15:24:19.0187 1848	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
15:24:19.0343 1848	TrkWks - ok
15:24:19.0390 1848	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:24:19.0562 1848	Udfs - ok
15:24:19.0609 1848	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:24:19.0671 1848	ultra - ok
15:24:19.0718 1848	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:24:19.0906 1848	Update - ok
15:24:19.0953 1848	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
15:24:20.0093 1848	upnphost - ok
15:24:20.0109 1848	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
15:24:20.0234 1848	UPS - ok
15:24:20.0281 1848	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:24:20.0359 1848	USBAAPL - ok
15:24:20.0390 1848	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:24:20.0515 1848	usbccgp - ok
15:24:20.0531 1848	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:24:20.0671 1848	usbehci - ok
15:24:20.0687 1848	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:24:20.0843 1848	usbhub - ok
15:24:20.0890 1848	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:24:21.0062 1848	usbprint - ok
15:24:21.0171 1848	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:24:21.0296 1848	usbscan - ok
15:24:21.0312 1848	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:24:21.0437 1848	USBSTOR - ok
15:24:21.0453 1848	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:24:21.0578 1848	usbuhci - ok
15:24:21.0609 1848	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:24:21.0781 1848	VgaSave - ok
15:24:21.0812 1848	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:24:21.0953 1848	viaagp - ok
15:24:22.0031 1848	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:24:22.0171 1848	ViaIde - ok
15:24:22.0187 1848	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
15:24:22.0359 1848	VolSnap - ok
15:24:22.0421 1848	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
15:24:22.0593 1848	VSS - ok
15:24:22.0625 1848	w32time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
15:24:22.0796 1848	w32time - ok
15:24:22.0796 1848	w810bus - ok
15:24:22.0812 1848	w810mdfl - ok
15:24:22.0812 1848	w810mdm - ok
15:24:22.0828 1848	w810mgmt - ok
15:24:22.0828 1848	w810obex - ok
15:24:22.0937 1848	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:24:23.0109 1848	Wanarp - ok
15:24:23.0250 1848	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:24:23.0296 1848	Wdf01000 - ok
15:24:23.0296 1848	WDICA - ok
15:24:23.0343 1848	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:24:23.0546 1848	wdmaud - ok
15:24:23.0593 1848	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
15:24:23.0718 1848	WebClient - ok
15:24:23.0781 1848	winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
15:24:23.0875 1848	winachsf - ok
15:24:23.0953 1848	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:24:24.0125 1848	winmgmt - ok
15:24:24.0140 1848	wltrysvc - ok
15:24:24.0203 1848	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:24:24.0312 1848	WmdmPmSN - ok
15:24:24.0375 1848	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
15:24:24.0453 1848	Wmi - ok
15:24:24.0515 1848	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:24:24.0671 1848	WmiAcpi - ok
15:24:24.0796 1848	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:24:25.0000 1848	WmiApSrv - ok
15:24:25.0203 1848	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
15:24:25.0312 1848	WMPNetworkSvc - ok
15:24:25.0359 1848	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:24:25.0390 1848	WpdUsb - ok
15:24:25.0421 1848	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
15:24:25.0562 1848	wscsvc - ok
15:24:25.0593 1848	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
15:24:25.0781 1848	wuauserv - ok
15:24:25.0828 1848	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:24:25.0859 1848	WudfPf - ok
15:24:25.0890 1848	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:24:25.0921 1848	WudfRd - ok
15:24:25.0953 1848	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:24:26.0000 1848	WudfSvc - ok
15:24:26.0078 1848	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
15:24:26.0265 1848	WZCSVC - ok
15:24:26.0312 1848	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
15:24:26.0515 1848	xmlprov - ok
15:24:26.0593 1848	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:24:26.0843 1848	\Device\Harddisk0\DR0 - ok
15:24:26.0843 1848	Boot (0x1200)   (a967b5e9b40089b82fb4a9d49a598a3a) \Device\Harddisk0\DR0\Partition0
15:24:26.0843 1848	\Device\Harddisk0\DR0\Partition0 - ok
15:24:26.0843 1848	============================================================
15:24:26.0843 1848	Scan finished
15:24:26.0843 1848	============================================================
15:24:26.0984 0436	Detected object count: 18
15:24:26.0984 0436	Actual detected object count: 18
15:26:44.0343 0436	APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0343 0436	APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0359 0436	Bluetooth Hid Switch Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0390 0436	Bluetooth Hid Switch Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0390 0436	DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0390 0436	DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0390 0436	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0390 0436	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0390 0436	NBService ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0390 0436	NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0390 0436	NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0390 0436	NICCONFIGSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0390 0436	NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0390 0436	NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	PzWDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	PzWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	sdcplh ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	sdcplh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0406 0436	Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0406 0436	Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0421 0436	Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0421 0436	Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0421 0436	tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0421 0436	tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0421 0436	TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0421 0436	TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:26:44.0421 0436	Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:44.0421 0436	Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:28:08.0015 3732	Deinitialize success
         

30.04.2012, 17:27   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

01.05.2012, 18:34   #21
poof

Hello!

Here are the results:

Code:
ATTFilter
ComboFix 12-05-01.02 - Sam 01.05.2012  19:15:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.508 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sam\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\1.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\2229.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\2260.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\a.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\b.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\c.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\d.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\e.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\f.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\g.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\h.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\i.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\j.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\k.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\l.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\m.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\n.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\o.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\p.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\q.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\r.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\s.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\t.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\u.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\v.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\w.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\wlu.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\x.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\y.txt
c:\dokumente und einstellungen\Sam\Anwendungsdaten\PriceGong\Data\z.txt
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-01 bis 2012-05-01  ))))))))))))))))))))))))))))))
.
.
2012-04-29 13:28 . 2012-04-29 13:28	--------	d-----w-	C:\_OTL
2012-04-28 06:41 . 2012-04-28 06:41	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-04-28 06:41 . 2012-04-28 06:41	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-04-25 19:17 . 2012-04-25 19:17	--------	d-----w-	c:\programme\ESET
2012-04-24 18:39 . 2012-04-24 18:39	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-04-24 18:39 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-22 19:29 . 2012-04-22 19:29	--------	d-----w-	c:\dokumente und einstellungen\Sam\Anwendungsdaten\Malwarebytes
2012-04-22 19:28 . 2012-04-22 19:28	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-04-02 16:38 . 2012-04-13 21:21	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 06:41 . 2010-04-29 07:49	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-13 21:21 . 2011-06-20 19:17	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:00 . 2004-08-13 12:40	916992	---ha-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-13 12:40	43520	---ha-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-08-13 12:40	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2004-08-13 12:40	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-13 12:40	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-13 12:40	385024	---ha-w-	c:\windows\system32\html.iec
2012-02-15 18:24 . 2012-01-08 13:54	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-03 09:57 . 2004-08-13 12:40	1860224	----a-w-	c:\windows\system32\win32k.sys
2012-03-17 20:29 . 2012-03-08 18:03	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sam\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sam\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sam\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\dokumente und einstellungen\Sam\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-31 1392640]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"AVMWlanClient"="c:\programme\avmwlanstick\FRITZWLANMini.exe" [2006-06-23 343552]
"Apoint"="c:\programme\Apoint\Apoint.exe" [2005-10-07 176128]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Sam\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Sam\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MediaChecker.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\MediaChecker.lnk
backup=c:\windows\pss\MediaChecker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Sam^Startmenü^Programme^Autostart^Dropbox.lnk]
path=c:\dokumente und einstellungen\Sam\Startmenü\Programme\Autostart\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
2007-11-30 13:48	789144	----a-w-	c:\programme\HOTALBUMMyBOX\MBBalloon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40	155648	----a-w-	c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2 (0x2)
"Fax"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ModemOnHold"=c:\programme\NetWaiting\netwaiting.exe
"DellSupport"="c:\programme\Dell Support\DSAgnt.exe" /startup
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SigmatelSysTrayApp"=stsystra.exe
"Dell QuickSet"=c:\programme\Dell\QuickSet\quickset.exe
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe"
"SunJavaUpdateSched"=c:\programme\Java\jre1.5.0_06\bin\jusched.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe"
"BuildBU"=c:\dell\bldbubg.exe
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\LimeWire\\LimeWire.exe"=
"c:\\Programme\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Dokumente und Einstellungen\\Sam\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [31.12.2008 15:31 15172]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [08.01.2012 15:54 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.01.2012 15:54 86224]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [11.03.2007 18:59 37568]
S3 22f6a6a7-fb36-431b-a8d2-f1784bfa8728;22f6a6a7-fb36-431b-a8d2-f1784bfa8728;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 18:38 253088]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [07.04.2007 16:07 264704]
S3 fxusbase;AVM ISDN-Connector FRITZ!X USB;c:\windows\system32\drivers\fxusbase.sys [11.03.2007 18:59 454912]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.06.2011 21:29 13224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.05.2007 18:17 639224]
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:21]
.
2012-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2010-01-24 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Macromed\Shockwave 10\nssstub.exe [2010-01-23 18:05]
.
2012-05-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.220.1
FF - ProfilePath - c:\dokumente und einstellungen\Sam\Anwendungsdaten\Mozilla\Firefox\Profiles\mkt5m6xy.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
BHO-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
MSConfigStartUp-Sony Ericsson PC Companion - c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-01 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-05-01  19:27:59
ComboFix-quarantined-files.txt  2012-05-01 17:27
.
Vor Suchlauf: 5 Verzeichnis(se), 10.183.925.760 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 10.346.721.280 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ACAB764A38581613FA9AE7502D81B138
         

01.05.2012, 19:07   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 02.05.2012, 06:23   #23
poof
 

Here is OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 07:19:59 on 02.05.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Install_NSS.job" - "Symantec Corporation" - C:\WINDOWS\system32\Macromed\Shockwave 10\nssstub.exe
"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl
"NicConfigSvc.cpl" - "Dell Inc." - C:\WINDOWS\system32\NicConfigSvc.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"22f6a6a7-fb36-431b-a8d2-f1784bfa8728" (22f6a6a7-fb36-431b-a8d2-f1784bfa8728) - ? - D:\Player\cds300.dll  (File not found)
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Sam\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DSproct" (DSproct) - "GTek Technologies Ltd." - C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdipow" (pxtdipow) - ? - C:\DOKUME~1\Sam\LOKALE~1\Temp\pxtdipow.sys  (Hidden registry entry, rootkit activity | File not found)
"PzWDM" (PzWDM) - "Prassi Technology" - C:\WINDOWS\System32\Drivers\PzWDM.sys
"sdcplh" (sdcplh) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\drivers\sdcplh.sys
"Sony Ericsson W810 Driver driver (WDM)" (w810bus) - ? - C:\WINDOWS\System32\DRIVERS\w810bus.sys  (File not found)
"Sony Ericsson W810 USB WMC Device Management Drivers (WDM)" (w810mgmt) - ? - C:\WINDOWS\System32\DRIVERS\w810mgmt.sys  (File not found)
"Sony Ericsson W810 USB WMC Modem Driver" (w810mdm) - ? - C:\WINDOWS\System32\DRIVERS\w810mdm.sys  (File not found)
"Sony Ericsson W810 USB WMC Modem Filter" (w810mdfl) - ? - C:\WINDOWS\System32\DRIVERS\w810mdfl.sys  (File not found)
"Sony Ericsson W810 USB WMC OBEX Interface" (w810obex) - ? - C:\WINDOWS\System32\DRIVERS\w810obex.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\WINDOWS\Downloaded Program Files\popcaploader.dll  (File not found) / hxxp://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Verzenden naar OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\BAE\BAE.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Sam\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - ? - C:\WINDOWS\system32\imapi.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NICCONFIGSVC" (NICCONFIGSVC) - "Dell Inc." - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Thanks in advance.

Alt 02.05.2012, 13:49   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

What about the other logs?
__________________
Please always post log files in CODE tags

Alt 02.05.2012, 17:40   #25
poof
 

They're still coming. Sorry, I don't have much time at the moment.

Avira has popped up with an alert again:

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 2. Mai 2012  23:58

Es wird nach 3731602 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows XP
Windowsversion : (Service Pack 3)  [5.1.2600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : TINA

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 18:24:28
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 18:24:26
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 18:24:29
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  15.02.2012 18:24:31
AVREG.DLL      : 12.1.0.36     229128 Bytes  06.04.2012 08:48:35
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 18:35:15
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 16:43:52
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 17:24:55
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 17:24:58
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 17:24:58
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 17:24:58
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 17:24:58
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 17:24:59
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 17:24:59
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 17:25:00
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 17:25:00
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 17:25:00
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 09:17:50
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 16:30:51
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 18:32:47
VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 20:00:54
VBASE018.VDF   : 7.11.27.107   161280 Bytes  12.04.2012 20:00:53
VBASE019.VDF   : 7.11.27.159   148992 Bytes  13.04.2012 20:00:58
VBASE020.VDF   : 7.11.27.201   207360 Bytes  17.04.2012 18:43:16
VBASE021.VDF   : 7.11.28.3     237568 Bytes  19.04.2012 20:00:21
VBASE022.VDF   : 7.11.28.49    193536 Bytes  20.04.2012 07:13:30
VBASE023.VDF   : 7.11.28.99    195072 Bytes  23.04.2012 18:30:25
VBASE024.VDF   : 7.11.28.133   247808 Bytes  24.04.2012 18:30:26
VBASE025.VDF   : 7.11.28.183   186880 Bytes  26.04.2012 04:25:15
VBASE026.VDF   : 7.11.28.235   166400 Bytes  30.04.2012 12:42:46
VBASE027.VDF   : 7.11.28.236     2048 Bytes  30.04.2012 12:42:46
VBASE028.VDF   : 7.11.28.237     2048 Bytes  30.04.2012 12:42:47
VBASE029.VDF   : 7.11.28.238     2048 Bytes  30.04.2012 12:42:47
VBASE030.VDF   : 7.11.28.239     2048 Bytes  30.04.2012 12:42:47
VBASE031.VDF   : 7.11.29.12    120320 Bytes  02.05.2012 16:33:07
Engineversion  : 8.2.10.58 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  09.01.2012 18:35:41
AESCRIPT.DLL   : 8.1.4.18      455034 Bytes  27.04.2012 04:25:30
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 19:30:37
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 18:30:03
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.2.16.9      807287 Bytes  31.03.2012 09:19:31
AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  27.04.2012 04:25:29
AEHEUR.DLL     : 8.1.4.21     4682102 Bytes  27.04.2012 04:25:28
AEHELP.DLL     : 8.1.20.0      254326 Bytes  27.04.2012 04:25:18
AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 04:25:18
AEEXP.DLL      : 8.1.0.33       82293 Bytes  27.04.2012 04:25:30
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 18:28:52
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 13:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  11.10.2011 13:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 18:24:26
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 13:59:51
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  11.10.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 14:00:00
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 14:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\TEMP\AVGUARD_4fa16165\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Mittwoch, 2. Mai 2012  23:58

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aswMBR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeUpdater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMBgMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FRITZWLANMini.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NICCONFIGSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'bcmwltry.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRYSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Dokumente und Einstellungen\Sam\Lokale Einstellungen\temp\_avast4_\unp161386943.tmp'
C:\Dokumente und Einstellungen\Sam\Lokale Einstellungen\temp\_avast4_\unp161386943.tmp
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen

Beginne mit der Desinfektion:
C:\Dokumente und Einstellungen\Sam\Lokale Einstellungen\temp\_avast4_\unp161386943.tmp
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Mittwoch, 2. Mai 2012  23:58
Benötigte Zeit: 00:20 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    684 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    683 Dateien ohne Befall
      1 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
         
That was during the scan with aswMBR.

Here is aswMBR as well:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-02 23:50:12
-----------------------------
23:50:12.421    OS Version: Windows 5.1.2600 Service Pack 3
23:50:12.421    Number of processors: 2 586 0xE08
23:50:12.421    ComputerName: TINA  UserName: Sam
23:50:12.796    Initialize success
23:55:06.765    AVAST engine defs: 12050201
23:55:53.421    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:55:53.421    Disk 0 Vendor: ST980825AS 8.04 Size: 76319MB BusType: 3
23:55:53.453    Disk 0 MBR read successfully
23:55:53.453    Disk 0 MBR scan
23:55:53.703    Disk 0 Windows XP default MBR code
23:55:53.703    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
23:55:53.765    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76238 MB offset 160650
23:55:53.812    Disk 0 scanning sectors +156296385
23:55:53.921    Disk 0 scanning C:\WINDOWS\system32\drivers
23:56:25.312    Service scanning
23:56:25.984    Service 22f6a6a7-fb36-431b-a8d2-f1784bfa8728 D:\Player\cds300.dll **LOCKED** 21
23:56:50.125    Modules scanning
23:56:56.906    Disk 0 trace - called modules:
23:56:56.953    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys atapi.sys pciide.sys PCIIDEX.SYS 
23:56:56.968    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa4ab8]
23:56:56.984    3 CLASSPNP.SYS[f75bdfd7] -> nt!IofCallDriver -> \Device\0000007e[0x86f8a818]
23:56:57.000    5 ACPI.sys[f7453620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ef9940]
23:56:57.015    \Driver\atapi[0x86f5e510] -> IRP_MJ_DEVICE_CONTROL -> sdcplh.sys[0xf7734a08]
23:56:57.031    \Driver\atapi[0x86f5e510] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sdcplh.sys[0xf7734684]
23:56:57.796    AVAST engine scan C:\WINDOWS
23:57:33.484    AVAST engine scan C:\WINDOWS\system32
00:02:48.125    AVAST engine scan C:\WINDOWS\system32\drivers
00:03:13.250    AVAST engine scan C:\Dokumente und Einstellungen\Sam
00:04:43.875    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sam\Desktop\MBR.dat"
00:04:44.031    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sam\Desktop\aswMBR.txt"
         
GMER somehow didn't really work. Sorry. I hope this information helps...

05.05.2012, 13:21   #26
poof

So what's the status with the virus?

06.05.2012, 18:17   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Avira has raised an alert again:
You can tell from the path that this is a false alarm.
What about GMER, did it not work because it crashed?
__________________
Please always post log files in CODE tags

07.05.2012, 06:07   #28
poof

I somehow always have trouble finding the logs again. Here is GMER:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-07 07:02:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980825AS rev.8.04
Running: nh36eyqg.exe; Driver: C:\DOKUME~1\Sam\LOKALE~1\Temp\pxtdipoc.sys


---- System - GMER 1.0.15 ----

SSDT            F7BFED74                                                                                              ZwClose
SSDT            F7BFED2E                                                                                              ZwCreateKey
SSDT            F7BFED7E                                                                                              ZwCreateSection
SSDT            F7BFED24                                                                                              ZwCreateThread
SSDT            F7BFED33                                                                                              ZwDeleteKey
SSDT            F7BFED3D                                                                                              ZwDeleteValueKey
SSDT            F7BFED6F                                                                                              ZwDuplicateObject
SSDT            F7BFED42                                                                                              ZwLoadKey
SSDT            F7BFED10                                                                                              ZwOpenProcess
SSDT            F7BFED15                                                                                              ZwOpenThread
SSDT            F7BFED97                                                                                              ZwQueryValueKey
SSDT            F7BFED4C                                                                                              ZwReplaceKey
SSDT            F7BFED88                                                                                              ZwRequestWaitReplyPort
SSDT            F7BFED47                                                                                              ZwRestoreKey
SSDT            F7BFED83                                                                                              ZwSetContextThread
SSDT            F7BFED8D                                                                                              ZwSetSecurityObject
SSDT            F7BFED38                                                                                              ZwSetValueKey
SSDT            F7BFED92                                                                                              ZwSystemDebugControl
SSDT            F7BFED1F                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\PzWDM.sys                                                                 entry point in "init" section [0xF791930E]

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                           sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                    sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                           sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \FileSystem\Fastfat \Fat                                                                              A8E27D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-07 07:02:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980825AS rev.8.04
Running: nh36eyqg.exe; Driver: C:\DOKUME~1\Sam\LOKALE~1\Temp\pxtdipoc.sys


---- System - GMER 1.0.15 ----

SSDT            F7BFED74                                                                                              ZwClose
SSDT            F7BFED2E                                                                                              ZwCreateKey
SSDT            F7BFED7E                                                                                              ZwCreateSection
SSDT            F7BFED24                                                                                              ZwCreateThread
SSDT            F7BFED33                                                                                              ZwDeleteKey
SSDT            F7BFED3D                                                                                              ZwDeleteValueKey
SSDT            F7BFED6F                                                                                              ZwDuplicateObject
SSDT            F7BFED42                                                                                              ZwLoadKey
SSDT            F7BFED10                                                                                              ZwOpenProcess
SSDT            F7BFED15                                                                                              ZwOpenThread
SSDT            F7BFED97                                                                                              ZwQueryValueKey
SSDT            F7BFED4C                                                                                              ZwReplaceKey
SSDT            F7BFED88                                                                                              ZwRequestWaitReplyPort
SSDT            F7BFED47                                                                                              ZwRestoreKey
SSDT            F7BFED83                                                                                              ZwSetContextThread
SSDT            F7BFED8D                                                                                              ZwSetSecurityObject
SSDT            F7BFED38                                                                                              ZwSetValueKey
SSDT            F7BFED92                                                                                              ZwSystemDebugControl
SSDT            F7BFED1F                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\PzWDM.sys                                                                 entry point in "init" section [0xF791930E]

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                           sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                    sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                           sdcplh.sys (SDCPLH/Macrovision Europe Ltd)
Device          \FileSystem\Fastfat \Fat                                                                              A8E27D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0xA1 0x12 0xA9 0x72 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0xA1 0x12 0xA9 0x72 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

07.05.2012, 09:54   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
"22f6a6a7-fb36-431b-a8d2-f1784bfa8728" (22f6a6a7-fb36-431b-a8d2-f1784bfa8728) - ? - D:\Player\cds300.dll (File not found)
Please disable and delete this with OSAM.
After that, please create a new log with OSAM and with aswMBR.

07.05.2012, 16:59   #30
poof

Hello!

Since I wasn't quite sure whether that is the right thing to do, I have only disabled it so far and then ran OSAM again.

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:57:35 on 07.05.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Install_NSS.job" - "Symantec Corporation" - C:\WINDOWS\system32\Macromed\Shockwave 10\nssstub.exe
"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl
"NicConfigSvc.cpl" - "Dell Inc." - C:\WINDOWS\system32\NicConfigSvc.cpl
"stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - C:\WINDOWS\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - C:\WINDOWS\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - C:\WINDOWS\System32\Drivers\tosrfusb.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DSproct" (DSproct) - "GTek Technologies Ltd." - C:\Programme\Dell Support\GTAction\triggers\DSproct.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"PzWDM" (PzWDM) - "Prassi Technology" - C:\WINDOWS\System32\Drivers\PzWDM.sys
"sdcplh" (sdcplh) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\drivers\sdcplh.sys
"Sony Ericsson W810 Driver driver (WDM)" (w810bus) - ? - C:\WINDOWS\System32\DRIVERS\w810bus.sys  (File not found)
"Sony Ericsson W810 USB WMC Device Management Drivers (WDM)" (w810mgmt) - ? - C:\WINDOWS\System32\DRIVERS\w810mgmt.sys  (File not found)
"Sony Ericsson W810 USB WMC Modem Driver" (w810mdm) - ? - C:\WINDOWS\System32\DRIVERS\w810mdm.sys  (File not found)
"Sony Ericsson W810 USB WMC Modem Filter" (w810mdfl) - ? - C:\WINDOWS\System32\DRIVERS\w810mdfl.sys  (File not found)
"Sony Ericsson W810 USB WMC OBEX Interface" (w810obex) - ? - C:\WINDOWS\System32\DRIVERS\w810obex.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - C:\WINDOWS\System32\drivers\Toshidpt.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\WINDOWS\Downloaded Program Files\popcaploader.dll  (File not found) / hxxp://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Verzenden naar OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\BAE\BAE.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Sam\Startmenü\Programme\Autostart\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Sam\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin GmbH" - C:\Programme\avmwlanstick\FRITZWLANMini.exe
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"IMAPI-CD-Brenn-COM-Dienste" (ImapiService) - ? - C:\WINDOWS\system32\imapi.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NBService" (NBService) - "Nero AG" - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NICCONFIGSVC" (NICCONFIGSVC) - "Dell Inc." - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-07 18:06:12
-----------------------------
18:06:12.656    OS Version: Windows 5.1.2600 Service Pack 3
18:06:12.656    Number of processors: 2 586 0xE08
18:06:12.656    ComputerName: TINA  UserName: Sam
18:06:13.203    Initialize success
18:11:23.453    AVAST engine defs: 12050700
18:14:33.984    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:14:34.000    Disk 0 Vendor: ST980825AS 8.04 Size: 76319MB BusType: 3
18:14:34.031    Disk 0 MBR read successfully
18:14:34.031    Disk 0 MBR scan
18:14:34.078    Disk 0 Windows XP default MBR code
18:14:34.078    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
18:14:34.109    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76238 MB offset 160650
18:14:34.125    Disk 0 scanning sectors +156296385
18:14:34.218    Disk 0 scanning C:\WINDOWS\system32\drivers
18:14:55.046    Service scanning
18:15:16.250    Modules scanning
18:15:20.390    Disk 0 trace - called modules:
18:15:20.437    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys atapi.sys pciide.sys PCIIDEX.SYS 
18:15:20.437    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87173ab8]
18:15:20.437    3 CLASSPNP.SYS[f753dfd7] -> nt!IofCallDriver -> \Device\0000007e[0x87172f18]
18:15:20.437    5 ACPI.sys[f7384620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87181940]
18:15:20.453    \Driver\atapi[0x87166510] -> IRP_MJ_DEVICE_CONTROL -> sdcplh.sys[0xf7634a08]
18:15:20.453    \Driver\atapi[0x87166510] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sdcplh.sys[0xf7634684]
18:15:20.906    AVAST engine scan C:\WINDOWS
18:16:03.000    AVAST engine scan C:\WINDOWS\system32
18:18:57.593    AVAST engine scan C:\WINDOWS\system32\drivers
18:19:17.312    AVAST engine scan C:\Dokumente und Einstellungen\Sam
18:24:27.640    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Sam\Desktop\MBR.dat"
18:24:27.640    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Sam\Desktop\aswMBR2.txt"
         
