
Log analysis and evaluation: Is my system safe? Laptop crashes, but no virus to be found...

03.08.2009, 11:14   #1
blaxXxun
 

Hello, it would be nice if someone could tell me whether there are viruses somewhere in my system:

For some time now my laptop has been behaving strangely: virus scans (Antivir) crash, it is sometimes very slow, during video streaming the picture stutters badly at regular intervals, and on an external hard drive Antivir detected viruses after it was plugged in (it was this one:
In der Datei 'H:\Downloads\inst(2).exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen).
At times, after a program crash, the Task Manager could not be opened via Ctrl+Alt+Del either. ("The security dialog window cannot be created." (only roughly quoted)) That has not happened again recently, though.
Also bluescreens "DRIVER POWER STATE FAILURE" as well as spontaneous reboots.

Dr. Web scanned all hard drives, including the external ones, in safe mode and found no viruses.

When I start mbr.exe from the desktop, the laptop stops responding...

Many thanks for your efforts

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:50, on 03.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Trillian\trillian.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\blaxXxun\Documents\Downloads\9egd2it2.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\blaxXxun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10156 bytes
         

Edited by blaxXxun (03.08.2009 at 11:29)

03.08.2009, 12:00   #2
blaxXxun
 

MAV just crashed during the scan... here is the log from the last one that still ran through:

Code:
Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2535
Windows 6.0.6001 Service Pack 1

31.07.2009 21:23:38
mbam-log-2009-07-31 (21-23-38).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 345064
Laufzeit: 5 hour(s), 0 minute(s), 42 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

03.08.2009, 13:02   #3
blaxXxun
 

CCleaner, MAV and SUPERAntiSpyware crashed during the scan...

03.08.2009, 16:56   #4
blaxXxun
 

and here is the RSIT log:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by blaxXxun at 2009-08-03 17:50:51
Microsoft® Windows Vista™ Business  Service Pack 1
System drive C: has 2 GB (9%) free of 26 GB
Total RAM: 3062 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:17, on 03.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Trillian\trillian.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe
D:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\blaxXxun\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\SUPERAntiSpyware\f8156a32-6b6c-4c1a-9bed-fa9f7323779a.exe
D:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\blaxXxun\Documents\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files\Trend Micro\HijackThis\blaxXxun.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - D:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\blaxXxun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Trillian.lnk = D:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10244 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010233468-2457039331-4255296512-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2010233468-2457039331-4255296512-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - D:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-12 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - D:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-07-18 218160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-12-14 159744]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2009-01-20 3563520]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-04 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-04 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-04 133656]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-02-04 4907008]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-03-20 1451304]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ISTray"=D:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"LogitechQuickCamRibbon"=D:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"Google Update"=C:\Users\blaxXxun\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
D:\Program Files\Logitech\QuickCam\Quickcam.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
D:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
D:\Program Files\Voipwise.com\Voipwise\voipwise.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-08-22 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^blaxXxun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
D:\PROGRA~1\MICROS~1\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Users\blaxXxun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Trillian.lnk - D:\Program Files\Trillian\trillian.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-04 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83eb7b62-d89e-11dc-9d32-001c23525248}]
shell\AutoRun\command - G:\START.EXE readme.HTM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bab720ed-09a3-11de-8351-c8cffa6774c7}]
shell\AutoRun\command - J:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d969cf86-6fb0-11dd-b94d-9395323aa5ad}]
shell\AutoRun\command - I:\Setup.EXE
         

03.08.2009, 16:58   #5
blaxXxun
 

Continuation of the RSIT log:
Code:
======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.js - edit - 
.js - open - 
.txt - open - 

======List of files/folders created in the last 1 months======

2009-08-03 17:50:51 ----D---- C:\rsit
2009-08-02 17:18:12 ----D---- D:\Program Files\QuickTime
2009-08-02 17:18:12 ----D---- C:\ProgramData\Apple Computer
2009-08-02 17:16:22 ----D---- D:\Program Files\Apple Software Update
2009-08-02 17:16:22 ----D---- C:\ProgramData\Apple
2009-07-29 10:36:46 ----A---- C:\Windows\system32\mshtml.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\wininet.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\urlmon.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\iertutil.dll
2009-07-29 10:36:45 ----A---- C:\Windows\system32\ieframe.dll
2009-07-29 10:36:44 ----A---- C:\Windows\system32\occache.dll
2009-07-29 10:36:44 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-29 10:36:44 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-29 10:36:43 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-29 10:36:43 ----A---- C:\Windows\system32\ieui.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iesetup.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iernonce.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\iepeers.dll
2009-07-29 10:36:43 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-25 19:36:25 ----D---- D:\Program Files\Trend Micro
2009-07-18 13:43:35 ----D---- C:\Hotspot Shield
2009-07-18 13:43:13 ----D---- D:\Program Files\Hotspot Shield
2009-07-17 21:08:32 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-07-17 21:08:18 ----D---- D:\Program Files\SUPERAntiSpyware
2009-07-17 21:08:18 ----D---- C:\Users\blaxXxun\AppData\Roaming\SUPERAntiSpyware.com
2009-07-15 22:48:34 ----D---- D:\Program Files\ICQ6.5
2009-07-15 15:16:18 ----A---- C:\Windows\system32\t2embed.dll
2009-07-15 15:16:18 ----A---- C:\Windows\system32\fontsub.dll
2009-07-15 15:16:18 ----A---- C:\Windows\system32\dciman32.dll
2009-07-15 15:16:18 ----A---- C:\Windows\system32\atmfd.dll
2009-07-10 19:32:10 ----D---- C:\Users\blaxXxun\AppData\Roaming\Malwarebytes
2009-07-10 19:32:01 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-07-10 19:32:01 ----D---- C:\ProgramData\Malwarebytes

======List of files/folders modified in the last 1 months======

2009-08-03 17:50:41 ----D---- C:\Windows\temp
2009-08-03 14:15:30 ----AD---- C:\ProgramData\TEMP
2009-08-03 14:06:15 ----D---- C:\Windows\System32
2009-08-03 14:06:15 ----D---- C:\Windows\inf
2009-08-03 14:06:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-03 14:00:21 ----D---- C:\Windows\system32\drivers
2009-08-03 12:37:28 ----D---- C:\Users\blaxXxun\AppData\Roaming\EndNote
2009-08-03 04:10:25 ----D---- D:\Program Files\Spyware Doctor
2009-08-03 02:24:09 ----A---- C:\Windows\ntbtlog.txt
2009-08-02 17:31:54 ----D---- D:\Program Files\Mozilla Firefox
2009-08-02 17:22:38 ----SHD---- C:\Windows\Installer
2009-08-02 17:22:17 ----SHD---- C:\System Volume Information
2009-08-02 17:21:35 ----D---- D:\Program Files\Winamp
2009-08-02 17:21:22 ----D---- C:\Windows\Prefetch
2009-08-02 17:20:56 ----D---- C:\Users\blaxXxun\AppData\Roaming\Winamp
2009-08-02 17:18:12 ----HD---- C:\ProgramData
2009-08-02 17:16:25 ----D---- C:\Windows\system32\Tasks
2009-08-01 10:46:42 ----D---- D:\Program Files\Microsoft Silverlight
2009-08-01 01:29:19 ----D---- C:\Users\blaxXxun\AppData\Roaming\Skype
2009-08-01 00:08:55 ----D---- C:\Users\blaxXxun\AppData\Roaming\skypePM
2009-07-30 02:05:06 ----D---- C:\Windows\system32\migration
2009-07-30 02:05:05 ----D---- D:\Program Files\Internet Explorer
2009-07-30 01:40:57 ----D---- C:\Windows\winsxs
2009-07-30 01:39:47 ----D---- D:\Program Files\Trillian
2009-07-29 17:41:23 ----D---- C:\Windows\Minidump
2009-07-29 17:41:04 ----D---- C:\Windows
2009-07-29 10:36:00 ----D---- C:\Windows\system32\catroot2
2009-07-29 10:36:00 ----D---- C:\Windows\system32\catroot
2009-07-17 21:06:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-17 20:47:12 ----D---- C:\Windows\system32\config
2009-07-15 22:49:19 ----D---- D:\Program Files\ICQ6
2009-07-15 19:32:11 ----D---- C:\Program Files\Common Files\LogiShrd
2009-07-15 19:31:57 ----D---- D:\Program Files\Logitech
2009-07-15 19:27:59 ----D---- C:\ProgramData\Microsoft Help
2009-07-07 17:10:56 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 SASDIFSV;SASDIFSV; \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-04-17 306299]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2009-01-20 18424]
R3 BCM43XX;Treiber für Dell Wireless WLAN Karte; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-06-02 1207288]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2009-06-01 33840]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-04 2016256]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-02-04 2054872]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2009-04-30 25624]
R3 LVRS;Logicool RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2009-04-30 264856]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-02-14 48472]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sd.sys [2008-02-14 43480]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2009-04-30 13336]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2686872]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 106496]
R3 SASENUM;SASENUM; \??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-03-20 208688]
R3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 OMCI;OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS []
S3 aid89bee;aid89bee; C:\Windows\system32\drivers\aid89bee.sys []
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-12-14 155136]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2008-02-06 95384]
S3 LVUVC;QuickCam for Notebooks Pro(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2008-02-06 4658456]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-21 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-09 185089]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; D:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 HotspotShieldService;Hotspot Shield Service; D:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
R2 HssSrv;Hotspot Shield Routing Service; D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 154136]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2008-02-14 65536]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-12 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-03-12 189784]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2009-01-20 24064]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-22 655624]
S3 getPlus(R) Helper;getPlus(R) Helper; D:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 HssTrayService;Hotspot Shield Tray Service; D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-11-28 361728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
S4 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2008-02-04 77824]
S4 CVPND;Cisco Systems, Inc. VPN Service; D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
S4 gusvc;Google Updater Service; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 168432]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]

-----------------EOF-----------------
         


03.08.2009, 17:00   #6
blaxXxun
 

Code:
info.txt logfile of random's system information tool 1.06 2009-08-03 17:51:21

======Uninstall list======

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->D:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aspell 0.6 Dictionary (Language: de)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-de.exe"
Aspell 0.6 Dictionary (Language: en)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-en.exe"
Aspell 0.6 Dictionary (Language: pt_BR)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-pt_BR.exe"
Aspell Data-->"C:\ProgramData\Aspell\Uninstall-AspellData.exe"
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->D:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->D:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Cisco Systems VPN Client 5.0.03.0530-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dienstprogramm für Dell Wireless WLAN Karte-->"D:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="D:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Codec-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->D:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EndNote X2-->MsiExec.exe /I{002B1E90-3241-4D45-8831-E89020F8E7E6}
EPSON Scan-->D:\Program Files\epson\escndv\setup\setup.exe /r
EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\Setup.exe" -l0x7 
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotspot Shield 1.17-->D:\Program Files\Hotspot Shield\Uninstall.exe
ICQ6.5-->"D:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.6.2 (Full)-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech QuickCam-Treiberpaket-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech Webcam Software-->MsiExec.exe /I{AC96671C-2001-432C-9826-5266D84EF1DC}
LyX 1.5.6-1-->"D:\Program Files\LyX15\Uninstall-LyX.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MiKTeX 2.7-->"D:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "D:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.1)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Trial-->MsiExec.exe /X{8410B358-107A-4FB7-AB2B-6FD952F15A8F}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++-->D:\Program Files\Notepad++\uninstall.exe
O2Micro Flash Memory Card Reader Driver (x86)-->MsiExec.exe /X{372B31CF-77FB-4E29-860C-A0EA2985AB7F}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x9 
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Photosynth 2.0.1519.16-->MsiExec.exe /X{366E24C6-9097-4F63-BF42-3F3EF356A960}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{DE08F927-6261-4A43-8D50-FCFDB3EFAC6D}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7  -removeonly
Reference Manager 11.0.1-->MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SPORE™-->"D:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly
Spyware Doctor 6.0-->D:\Program Files\Spyware Doctor\unins000.exe /LOG
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"D:\Program Files\Teamspeak2_RC2\unins000.exe"
TeXnicCenter Version 1 Beta 7.50-->"D:\Program Files\TeXnicCenter\unins000.exe"
Trillian-->D:\Program Files\Trillian\trillian.exe /uninstall
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:D:\Program Files\TweakVI\Uninstall\uninstall.xml"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {40EDB4D3-A95E-413F-9578-F2E01A3D209B}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->D:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Fotogalerie-->MsiExec.exe /X{119B7481-0216-40D2-A5CC-C3E1F461ECC1}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live Sync-->MsiExec.exe /X{ED636101-1959-4360-8BF7-209436E7DEE4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile-Gerätecenter: Treiberupdate-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
Windows Mobile-Gerätecenter-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR-->D:\Program Files\WinRAR\uninstall.exe
XnView 1.94.2-->"D:\Program Files\XnView\unins000.exe"
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
         

Old 03.08.2009, 17:07   #7
blaxXxun
 
Code:
======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: blaxXxun-lt
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 97221
Source Name: Service Control Manager
Time Written: 20090803122006.000000-000
Event Type: Informationen
User: 

Computer Name: blaxXxun-lt
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 97222
Source Name: Service Control Manager
Time Written: 20090803133142.000000-000
Event Type: Informationen
User: 

Computer Name: blaxXxun-lt
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 97223
Source Name: Service Control Manager
Time Written: 20090803134812.000000-000
Event Type: Informationen
User: 

Computer Name: blaxXxun-lt
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 97224
Source Name: Service Control Manager
Time Written: 20090803145457.000000-000
Event Type: Informationen
User: 

Computer Name: blaxXxun-lt
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 97225
Source Name: Service Control Manager
Time Written: 20090803151127.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: blaxXxun-lt
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 20330
Source Name: SecurityCenter
Time Written: 20090803120038.000000-000
Event Type: Informationen
User: 

Computer Name: blaxXxun-lt
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 20331
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090803120059.055351-000
Event Type: Informationen
User: blaxXxun-lt\blaxXxun

Computer Name: blaxXxun-lt
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 20332
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090803120108.397351-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: blaxXxun-lt
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
Record Number: 20333
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090803120615.000000-000
Event Type: Informationen
User: 

Computer Name: blaxXxun-lt
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden erfolgreich geladen. Die Eintragsdaten im Datenbereich enthalten die neuen Indexwerte, die diesem Dienst zugeordnet sind.
Record Number: 20334
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090803120615.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 29909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.706351-000
Event Type: Überwachung gescheitert
User: 

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 29910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.740351-000
Event Type: Überwachung gescheitert
User: 

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 29911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.775351-000
Event Type: Überwachung gescheitert
User: 

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 29912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.808351-000
Event Type: Überwachung gescheitert
User: 

Computer Name: blaxXxun-lt
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys	
Record Number: 29913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090803155115.843351-000
Event Type: Überwachung gescheitert
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;D:\Program Files\MiKTeX 2.7\miktex\bin;D:\Program Files\QuickTime\QTSystem;D:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         

Old 03.08.2009, 17:18   #8
blaxXxun
 
Maybe that's enough info for a start; let me know if there's anything else I can do.

PS: I also have an Ubuntu partition. Would it help to scan from there, since under Vista the scans always crash or find nothing?

Old 05.08.2009, 09:45   #9
blaxXxun
 
By now it's getting really unpleasant, because the laptop sometimes hangs just like that, even without a virus scan running; more precisely, Explorer stops responding after a while and can't be restarted via Task Manager either... (Ctrl+Alt+Del does nothing)

So I'd be very grateful if someone could already tell me what else I can do to help you with your work....

Regards, blaxXxun

Old 06.08.2009, 09:17   #10
blaxXxun
 
Here's the GMER log... and those are all rootkits now?

Code:
GMER 1.0.15.15011 [6vi52lsr.exe] - http://www.gmer.net
Rootkit scan 2009-08-06 09:50:53
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                         ZwCreateProcess [0x82F0A282]
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                         ZwCreateProcessEx [0x82F0A474]
SSDT            8D1C0834                                                                                                             ZwCreateThread
SSDT            8D1C0820                                                                                                             ZwOpenProcess
SSDT            8D1C0825                                                                                                             ZwOpenThread
SSDT            8D1C082F                                                                                                             ZwTerminateProcess
SSDT            \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                         ZwCreateUserProcess [0x82F0A67C]

INT 0x52        ?                                                                                                                    86D90F00
INT 0x72        ?                                                                                                                    85578BF8
INT 0x72        ?                                                                                                                    85578BF8
INT 0x72        ?                                                                                                                    85578BF8
INT 0x72        ?                                                                                                                    86D90F00
INT 0x72        ?                                                                                                                    86D90F00
INT 0x72        ?                                                                                                                    85578BF8
INT 0x82        ?                                                                                                                    85578BF8
INT 0x92        ?                                                                                                                    85578BF8
INT 0xB2        ?                                                                                                                    86D90F00
INT 0xB2        ?                                                                                                                    86D90F00
INT 0xB3        ?                                                                                                                    86D90F00

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 43C                                                                                      828B8A00 3 Bytes  [82, A2, F0]
.text           ntkrnlpa.exe!KeSetTimerEx + 440                                                                                      828B8A04 3 Bytes  [74, A4, F0]
.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                      828B8A18 4 Bytes  [34, 08, 1C, 8D] {XOR AL, 0x8; SBB AL, 0x8d}
.text           ntkrnlpa.exe!KeSetTimerEx + 624                                                                                      828B8BE8 4 Bytes  [20, 08, 1C, 8D] {AND [EAX], CL; SBB AL, 0x8d}
.text           ntkrnlpa.exe!KeSetTimerEx + 640                                                                                      828B8C04 4 Bytes  [25, 08, 1C, 8D]
.text           ...                                                                                                                  
?               System32\Drivers\spzc.sys                                                                                            Das System kann den angegebenen Pfad nicht finden. !
PAGE            ataport.SYS!DllUnload                                                                                                82EAAB2E 5 Bytes  JMP 855781D8 
.text           USBPORT.SYS!DllUnload                                                                                                8EF4246F 5 Bytes  JMP 86D904E0 
.text           anlmrebd.SYS                                                                                                         8EF72000 22 Bytes  [26, 02, BC, 82, 10, 01, BC, ...]
.text           anlmrebd.SYS                                                                                                         8EF72017 103 Bytes  [00, 32, C7, 79, 80, 3D, C5, ...]
.text           anlmrebd.SYS                                                                                                         8EF7207F 41 Bytes  [82, A2, DA, 80, 82, EB, DB, ...]
.text           anlmrebd.SYS                                                                                                         8EF720A9 35 Bytes  [30, 85, 82, A0, 27, 85, 82, ...]
.text           anlmrebd.SYS                                                                                                         8EF720CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           ...                                                                                                                  
PAGE            spsys.sys!?SPVersion@@3PADA + 1A67                                                                                   98D7703F 240 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B58                                                                                   98D77130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B5F                                                                                   98D77137 2214 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 2406                                                                                   98D779DE 47 Bytes  [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 2436                                                                                   98D77A0E 44 Bytes  [05, 00, 00, 39, 54, 8D, D0, ...]
PAGE            ...                                                                                                                  
?               C:\Windows\system32\Drivers\mchInjDrv.sys                                                                            Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtClose                                             77B57F48 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtClose + 4                                         77B57F4C 2 Bytes  [35, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateFile                                        77B58008 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateFile + 4                                    77B5800C 2 Bytes  [17, 5F] {POP SS; POP EDI}
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateKey                                         77B58048 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateKey + 4                                     77B5804C 2 Bytes  [05, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcess                                     77B580C8 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcess + 4                                 77B580CC 2 Bytes  [29, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcessEx                                   77B580D8 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateProcessEx + 4                               77B580DC 2 Bytes  [2C, 5F] {SUB AL, 0x5f}
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateSection                                     77B580F8 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateSection + 4                                 77B580FC 2 Bytes  [23, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteKey                                         77B583F8 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteKey + 4                                     77B583FC 2 Bytes  [0B, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteValueKey                                    77B58428 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtDeleteValueKey + 4                                77B5842C 2 Bytes  [11, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtRenameKey                                         77B58CF8 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtRenameKey + 4                                     77B58CFC 2 Bytes  [14, 5F] {ADC AL, 0x5f}
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetInformationFile                                77B58F18 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetInformationFile + 4                            77B58F1C 2 Bytes  [20, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetValueKey                                       77B59088 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtSetValueKey + 4                                   77B5908C 2 Bytes  [0E, 5F] {PUSH CS; POP EDI}
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtTerminateProcess                                  77B59128 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtTerminateProcess + 4                              77B5912C 2 Bytes  [2F, 5F] {DAS ; POP EDI}
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFile                                         77B59278 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFile + 4                                     77B5927C 2 Bytes  [1A, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFileGather                                   77B59288 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteFileGather + 4                               77B5928C 2 Bytes  [1D, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteVirtualMemory                                77B592A8 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtWriteVirtualMemory + 4                            77B592AC 2 Bytes  [32, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateUserProcess                                 77B59438 3 Bytes  [FF, 25, 1E]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] ntdll.dll!NtCreateUserProcess + 4                             77B5943C 2 Bytes  [26, 5F]
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] kernel32.dll!LoadLibraryExW                                   76D330C3 6 Bytes  JMP 5F070F5A 
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] USER32.dll!SetWindowsHookExW                                  77C97B69 6 Bytes  JMP 5F3B0F5A 
.text           D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2576] USER32.dll!SetWindowsHookExA                                  77CBBB0E 6 Bytes  JMP 5F370F5A 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                            [806936D2] \SystemRoot\System32\Drivers\spzc.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                             [80693040] \SystemRoot\System32\Drivers\spzc.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                     [806937FC] \SystemRoot\System32\Drivers\spzc.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                            [806930BE] \SystemRoot\System32\Drivers\spzc.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                      [8069313C] \SystemRoot\System32\Drivers\spzc.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                   [806A3048] \SystemRoot\System32\Drivers\spzc.sys
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortNotification]                                           CC000CC2
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortUchar]                                         83EC8B55
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortUlong]                                         575320EC
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                     458DFF33
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                          8D5750FC
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                   5750F845
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReadPortUchar]                                          8957046A
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortStallExecution]                                         75E8FC7D
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetParentBusType]                                       BB0001E8
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortRequestCallback]                                        000000EA
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                  850FC33B
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                   0000012B
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortCompleteRequest]                                        0FFC7D39
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortMoveMemory]                                             00012284
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                              458D5600
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                 106A50F4
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                   38335668
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReadPortUshort]                                         FC75FF36
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                   D1E85757
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortInitialize]                                             8B0001E7
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortGetDeviceBase]                                          1BDEF7F0
IAT             \SystemRoot\System32\Drivers\anlmrebd.SYS[ataport.SYS!AtaPortDeviceStateChange]                                      23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                [74A17BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                 [74A598C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                             [74A1D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                       [74A0F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                 [74A17599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                              [74A0E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                  [74A4B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                     [74A1D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                             [74A1012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                              [74A10095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                               [74A071F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                       [74A9D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                          [74A375E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                             [74A0DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                       [74A0668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                      [74A066BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1164] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                         [74A11E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
         

06.08.2009, 09:19   #11
blaxXxun



Code:
ATTFilter
---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                               85F1A1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{AFB5F73C-64CF-475A-84A1-17C3F30B0D47}                                             879C71F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                 8557A1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                     86DD51F8
Device          \Driver\sptd \Device\2429122321                                                                                      spzc.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                     86DD51F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                     86DBD1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                     86DD51F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                     86DD51F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                     86DD51F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                                     86DBD1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                               8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                               hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\cdrom \Device\CdRom0                                                                                         85FB41F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                               8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                               hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                          85F181F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                   85F181F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                                          85F181F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                   85F181F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                   85F181F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                   85F181F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                   85F181F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel0                                                                           85F191F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel1                                                                           85F191F8
Device          \Driver\msahci \Device\Ide\PciIde1Channel2                                                                           85F191F8
Device          \Driver\cdrom \Device\CdRom1                                                                                         85FB41F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                               8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                               hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                               8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                               hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\cdrom \Device\CdRom2                                                                                         85FB41F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                               8557A1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                               hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                              879C71F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                       879411F8
Device          \Driver\PCI_PNP8302 \Device\0000005b                                                                                 spzc.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                   86FA21F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                     86DD51F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                     86DD51F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                     86DBD1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{CB88C92F-6B53-4A1C-A3C5-A4CFEFF52079}                                             879C71F8
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                     86DD51F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                     86DD51F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                     86DD51F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{6AC0CBAA-35DD-4CF0-B0BD-95D54B6B0D54}                                             879C71F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                                     86DBD1F8
Device          \Driver\anlmrebd \Device\Scsi\anlmrebd1Port8Path0Target1Lun0                                                         86F0B1F8
Device          \Driver\anlmrebd \Device\Scsi\anlmrebd1                                                                              86F0B1F8
Device          \Driver\anlmrebd \Device\Scsi\anlmrebd1Port8Path0Target0Lun0                                                         86F0B1F8
Device          \FileSystem\cdfs \Cdfs                                                                                               890A81F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                   771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                   285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
         

06.08.2009, 09:23   #12
blaxXxun



Code:
ATTFilter
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x6D 0xE9 0x4A 0x0F ...
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xF1 0x02 0x0E 0xD4 ...
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x3C 0xC3 0xE5 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0x70 0x39 0x49 0x3B ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----
         

06.08.2009, 09:38   #13
blaxXxun



This is what mbr says:
Code:
ATTFilter
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 
copy of MBR has been found in sector 62 !
         
