| |
| |||||||
Log-Analyse und Auswertung: antimalware bytes startet nicht mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.03.2012, 17:13
| #16 |
 |  antimalware bytes startet nicht mehr Doch - es gehen andere Programme - aber so ziemlich alles, was sich um Viren und deren Beseitigung dreht, geht nicht..... z.B. Antimalwarebyte - wenn ich Versuche die Datenbank upzudaten oder sage "Testphase jetzt starten" macht zu - das Cameleon-Tool hilft nicht weiter.... Wenn ich versuche mit Gmer, Combofix & Co. zu suchen, hängt sich der Rechner auf oder es kommt gleich ein Blue Screen "Bad_Pool_Header"..... Auf dieser neuen Ebene (mit der Bootdisk) habe ich jedoch noch nichts versucht - das kannte ich bis dato gar nicht und mir gibt das Hoffnung. Eigentlich dürfte sich dort der Rootkid oder was auch immer ich mir da eingefangenen habe, ja noch nicht ausgebreitet haben....so zumindest meine Hoffnung...... |
|
13.03.2012, 19:50
| #17 |
| | antimalware bytes startet nicht mehr hallo - noch jemand da? ........**kleinlaut aus der ecke winkend**
__________________was soll ich denn als nächstes machen?.....am besten gleich ne grössere todo-liste, die ich dann abarbeiten kann :-) |
|
13.03.2012, 23:18
| #18 |
| /// Malwareteam   | antimalware bytes startet nicht mehr In den abgesichrten Modus kannst Du und Malwarebytes laufen lassen? Wenns nicht anders geht dann ohne updaten.
__________________ |
|
14.03.2012, 00:19
| #19 |
| | antimalware bytes startet nicht mehr hi, wenn es so einfach wäre, wäre ich nicht hier........geht leider nicht - beim versuch das prog zu starten, macht es wieder zu. |
|
15.03.2012, 00:07
| #20 |
| /// Malwareteam | antimalware bytes startet nicht mehr Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
|
|
15.03.2012, 12:18
| #21 |
| | antimalware bytes startet nicht mehr Hi, wenn ich in der Reparaturconsole starte stehen mir nur die Dos-Programme zur Verfügung, die unter "HELP" aufgelistet werden - da ist notepad nicht dabei. Ein dir n*.* zeigt mir jedoch die notapad.exe im Verzeichnis an. Den USB-Stick habe ich auch gefunden - das Programm lässt jedoch (wie auch notepad) nicht starten, weil es nicht zugelassen ist.... ...habe dann unter "abgesicherter Modus, Eingabeaufforderung" gebootet - da kann ich das Prog dann starten.... ....init settings on itself... Fehlermeldung: Windows - Kein Datenträger Exception Processing Message c0000013 Parameters 75cb0bf7c 4 75b0bbf7c 75b0bf7c den klicke ich 3x weg - das Prog läuft weiter und sagt, dass es sich jetzt beendet und ich es erneut starten muss.....dann wieder der self-init mit dem Counter, schliessen (ohne o.g. Fehlermeldung)....das kann ich dann beliebig oft wiederholen.... Ich glaube, da läuft bereits irgendwas, das das scan-Tool manipuliert - daher springt antimalware auch nicht an...... ....ist es u.U. mal nen Versuch wert, in der Dos-Umgebung zu starten - ohne Windows-Treiber.....da müsste das scan-Tool ja unmanipuliert starten? Habe aber kein Diskettenlaufwerk und auch keine Dos-Boot-Disk mehr. update: habe mit "pure" von Kaspersky nen vollen scan laufen lassen, mit TDSSKiller habe ich 7 Prozesse beendet, mit CCleaner die Registy dann von diesen Prozessen bereinigt und......*leichte Vorfreude* ich kann im Vollbetrieb antimalware starten, Datenbank updaten und derzeit läuft der full-scan......bin sehr gespannt, ob der durchläuft Geändert von nadann (15.03.2012 um 12:43 Uhr) |
|
15.03.2012, 12:46
| #22 |
| /// Malwareteam | antimalware bytes startet nicht mehr Dann lief also Pure und TDSSKiller? Poste das Log von TDSSKiller. |
|
15.03.2012, 13:44
| #23 |
| | antimalware bytes startet nicht mehr ....und antimalwarebyte gab mir nen blue screen - mbamswissarmy.sys - Page_Fault_in_Nonpaged_Area ...habe mit mbam_clean deinstalliert, wieder CCleaner für registry und will dann später mal neu installieren...... TDSSKiller-log: : Code:
ATTFilter 13:28:14.0828 3308 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
13:28:14.0921 3308 ============================================================
13:28:14.0921 3308 Current date / time: 2012/03/15 13:28:14.0921
13:28:14.0921 3308 SystemInfo:
13:28:14.0921 3308
13:28:14.0921 3308 OS Version: 5.1.2600 ServicePack: 3.0
13:28:14.0921 3308 Product type: Workstation
13:28:14.0921 3308 ComputerName: MARCUSPC11
13:28:14.0921 3308 UserName: Administrator
13:28:14.0921 3308 Windows directory: F:\WINDOWS
13:28:14.0921 3308 System windows directory: F:\WINDOWS
13:28:14.0921 3308 Processor architecture: Intel x86
13:28:14.0921 3308 Number of processors: 2
13:28:14.0921 3308 Page size: 0x1000
13:28:14.0921 3308 Boot type: Normal boot
13:28:14.0921 3308 ============================================================
13:28:16.0281 3308 Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:28:16.0281 3308 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:28:16.0296 3308 Drive \Device\Harddisk4\DR8 - Size: 0x3D700000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:28:16.0296 3308 \Device\Harddisk1\DR1:
13:28:16.0296 3308 MBR used
13:28:16.0296 3308 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
13:28:16.0296 3308 \Device\Harddisk0\DR0:
13:28:16.0296 3308 MBR used
13:28:16.0296 3308 \Device\Harddisk4\DR8:
13:28:16.0296 3308 MBR used
13:28:16.0296 3308 \Device\Harddisk4\DR8\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EB7E0
13:28:16.0359 3308 Initialize success
13:28:16.0359 3308 ============================================================
13:28:28.0078 3144 ============================================================
13:28:28.0078 3144 Scan started
13:28:28.0078 3144 Mode: Manual; SigCheck; TDLFS;
13:28:28.0078 3144 ============================================================
13:28:28.0531 3144 Abiosdsk - ok
13:28:28.0546 3144 abp480n5 - ok
13:28:28.0625 3144 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) F:\WINDOWS\system32\DRIVERS\ACPI.sys
13:28:29.0937 3144 ACPI - ok
13:28:30.0000 3144 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) F:\WINDOWS\system32\drivers\ACPIEC.sys
13:28:30.0078 3144 ACPIEC - ok
13:28:30.0078 3144 adpu160m - ok
13:28:30.0109 3144 aec (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
13:28:30.0187 3144 aec - ok
13:28:30.0218 3144 AFD (1e44bc1e83d8fd2305f8d452db109cf9) F:\WINDOWS\System32\drivers\afd.sys
13:28:30.0281 3144 AFD - ok
13:28:30.0296 3144 Aha154x - ok
13:28:30.0296 3144 aic78u2 - ok
13:28:30.0312 3144 aic78xx - ok
13:28:30.0312 3144 AliIde - ok
13:28:30.0328 3144 amsint - ok
13:28:30.0343 3144 asc - ok
13:28:30.0343 3144 asc3350p - ok
13:28:30.0359 3144 asc3550 - ok
13:28:30.0390 3144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:28:30.0437 3144 AsyncMac - ok
13:28:30.0453 3144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
13:28:30.0515 3144 atapi - ok
13:28:30.0531 3144 Atdisk - ok
13:28:30.0578 3144 atksgt (f0d933b42cd0594048e4d5200ae9e417) F:\WINDOWS\system32\DRIVERS\atksgt.sys
13:28:30.0625 3144 atksgt - ok
13:28:30.0656 3144 Atmarpc (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:28:30.0734 3144 Atmarpc - ok
13:28:30.0750 3144 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
13:28:30.0812 3144 audstub - ok
13:28:30.0859 3144 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
13:28:30.0937 3144 Beep - ok
13:28:31.0000 3144 BIOS (be5d50529799b9bab6be879ec768b6cf) F:\WINDOWS\system32\drivers\BIOS.sys
13:28:31.0031 3144 BIOS ( UnsignedFile.Multi.Generic ) - warning
13:28:31.0031 3144 BIOS - detected UnsignedFile.Multi.Generic (1)
13:28:31.0078 3144 bizVSerial (66f655b08eed3230e059d197c8a1969b) F:\WINDOWS\system32\drivers\bizVSerialNT.sys
13:28:31.0093 3144 bizVSerial ( UnsignedFile.Multi.Generic ) - warning
13:28:31.0093 3144 bizVSerial - detected UnsignedFile.Multi.Generic (1)
13:28:31.0203 3144 catchme - ok
13:28:31.0234 3144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
13:28:31.0296 3144 cbidf2k - ok
13:28:31.0312 3144 cd20xrnt - ok
13:28:31.0343 3144 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
13:28:31.0406 3144 Cdaudio - ok
13:28:31.0453 3144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
13:28:31.0500 3144 Cdfs - ok
13:28:31.0546 3144 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) F:\WINDOWS\system32\drivers\cdrbsdrv.sys
13:28:31.0562 3144 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
13:28:31.0562 3144 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
13:28:31.0593 3144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) F:\WINDOWS\system32\DRIVERS\cdrom.sys
13:28:31.0656 3144 Cdrom - ok
13:28:31.0734 3144 Changer - ok
13:28:31.0781 3144 cjusb (b0dfc4adb1ff150ac466f3dad323196a) F:\WINDOWS\system32\DRIVERS\cjusb.sys
13:28:31.0781 3144 cjusb - ok
13:28:31.0796 3144 CmdIde - ok
13:28:31.0812 3144 Cpqarray - ok
13:28:31.0984 3144 cpuz134 (75fa19142531cbf490770c2988a7db64) F:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys
13:28:32.0000 3144 cpuz134 - ok
13:28:32.0046 3144 CSCrySec (5cbf20674be8364febb6a13451a42f0a) F:\WINDOWS\system32\DRIVERS\CSCrySec.sys
13:28:32.0078 3144 CSCrySec - ok
13:28:32.0093 3144 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) F:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
13:28:32.0093 3144 CSVirtualDiskDrv - ok
13:28:32.0109 3144 dac2w2k - ok
13:28:32.0125 3144 dac960nt - ok
13:28:32.0156 3144 Disk (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
13:28:32.0218 3144 Disk - ok
13:28:32.0250 3144 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) F:\WINDOWS\system32\drivers\dmboot.sys
13:28:32.0343 3144 dmboot - ok
13:28:32.0359 3144 dmio (53720ab12b48719d00e327da470a619a) F:\WINDOWS\system32\drivers\dmio.sys
13:28:32.0421 3144 dmio - ok
13:28:32.0453 3144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
13:28:32.0515 3144 dmload - ok
13:28:32.0531 3144 DMusic (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
13:28:32.0593 3144 DMusic - ok
13:28:32.0609 3144 dpti2o - ok
13:28:32.0656 3144 drhard (0071f8825d14b16955cd0a0699ab7a6c) F:\WINDOWS\system32\DRIVERS\DRHARD.SYS
13:28:32.0750 3144 drhard ( UnsignedFile.Multi.Generic ) - warning
13:28:32.0750 3144 drhard - detected UnsignedFile.Multi.Generic (1)
13:28:32.0781 3144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
13:28:32.0828 3144 drmkaud - ok
13:28:32.0875 3144 Fastfat (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
13:28:32.0937 3144 Fastfat - ok
13:28:32.0968 3144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\DRIVERS\fdc.sys
13:28:33.0015 3144 Fdc - ok
13:28:33.0031 3144 Fips (b0678a548587c5f1967b0d70bacad6c1) F:\WINDOWS\system32\drivers\Fips.sys
13:28:33.0093 3144 Fips - ok
13:28:33.0109 3144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:28:33.0171 3144 Flpydisk - ok
13:28:33.0203 3144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:28:33.0250 3144 FltMgr - ok
13:28:33.0281 3144 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) F:\WINDOWS\system32\FsUsbExDisk.SYS
13:28:33.0296 3144 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:28:33.0296 3144 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:28:33.0312 3144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
13:28:33.0375 3144 Fs_Rec - ok
13:28:33.0406 3144 Ftdisk (8f1955ce42e1484714b542f341647778) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:28:33.0453 3144 Ftdisk - ok
13:28:33.0468 3144 gdrv (b6bfec7542730e9a376bf2408423d493) F:\WINDOWS\gdrv.sys
13:28:33.0484 3144 gdrv - ok
13:28:33.0515 3144 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) F:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:28:33.0531 3144 GEARAspiWDM - ok
13:28:33.0625 3144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
13:28:33.0703 3144 Gpc - ok
13:28:33.0750 3144 HDAudBus (573c7d0a32852b48f3058cfd8026f511) F:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:28:33.0828 3144 HDAudBus - ok
13:28:33.0843 3144 hidusb (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
13:28:33.0906 3144 hidusb - ok
13:28:33.0921 3144 hpn - ok
13:28:33.0968 3144 HTTP (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
13:28:34.0015 3144 HTTP - ok
13:28:34.0015 3144 i2omgmt - ok
13:28:34.0031 3144 i2omp - ok
13:28:34.0046 3144 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) F:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:28:34.0093 3144 i8042prt - ok
13:28:34.0125 3144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
13:28:34.0187 3144 Imapi - ok
13:28:34.0203 3144 ini910u - ok
13:28:34.0265 3144 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) F:\WINDOWS\system32\drivers\RtkHDAud.sys
13:28:34.0437 3144 IntcAzAudAddService - ok
13:28:34.0437 3144 IntelIde - ok
13:28:34.0453 3144 intelppm (4c7d2750158ed6e7ad642d97bffae351) F:\WINDOWS\system32\DRIVERS\intelppm.sys
13:28:34.0515 3144 intelppm - ok
13:28:34.0546 3144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:28:34.0609 3144 Ip6Fw - ok
13:28:34.0640 3144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:28:34.0687 3144 IpFilterDriver - ok
13:28:34.0718 3144 IpInIp (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
13:28:34.0781 3144 IpInIp - ok
13:28:34.0796 3144 IpNat (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
13:28:34.0859 3144 IpNat - ok
13:28:34.0875 3144 IPSec (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
13:28:34.0921 3144 IPSec - ok
13:28:35.0062 3144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
13:28:35.0125 3144 IRENUM - ok
13:28:35.0140 3144 isapnp (6dfb88f64135c525433e87648bda30de) F:\WINDOWS\system32\DRIVERS\isapnp.sys
13:28:35.0187 3144 isapnp - ok
13:28:35.0203 3144 Kbdclass (1704d8c4c8807b889e43c649b478a452) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:28:35.0281 3144 Kbdclass - ok
13:28:35.0312 3144 kbdhid (b6d6c117d771c98130497265f26d1882) F:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:28:35.0375 3144 kbdhid - ok
13:28:35.0421 3144 kl1 (ce3958f58547454884e97bda78cd7040) F:\WINDOWS\system32\drivers\kl1.sys
13:28:35.0421 3144 kl1 - ok
13:28:35.0468 3144 KLBG (53eedab3f0511321ac3ae8bc968b158c) F:\WINDOWS\system32\DRIVERS\klbg.sys
13:28:35.0484 3144 KLBG - ok
13:28:35.0531 3144 KLIF (cf9f89b7b5e08beb60e52dd7ff3a69e5) F:\WINDOWS\system32\DRIVERS\klif.sys
13:28:35.0796 3144 KLIF - ok
13:28:35.0828 3144 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) F:\WINDOWS\system32\DRIVERS\klim5.sys
13:28:35.0843 3144 klim5 - ok
13:28:35.0890 3144 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) F:\WINDOWS\system32\DRIVERS\klmouflt.sys
13:28:35.0906 3144 klmouflt - ok
13:28:35.0921 3144 kmixer (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
13:28:35.0984 3144 kmixer - ok
13:28:36.0031 3144 KSecDD (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
13:28:36.0109 3144 KSecDD - ok
13:28:36.0125 3144 Lavasoft Kernexplorer - ok
13:28:36.0140 3144 lbrtfdc - ok
13:28:36.0187 3144 LGBusEnum (4d29522a2c0ac9847fb2e628ba067583) F:\WINDOWS\system32\drivers\LGBusEnum.sys
13:28:36.0187 3144 LGBusEnum - ok
13:28:36.0203 3144 lirsgt - ok
13:28:36.0250 3144 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) F:\WINDOWS\system32\drivers\mbamswissarmy.sys
13:28:36.0281 3144 MBAMSwissArmy - ok
13:28:36.0328 3144 MEMSWEEP2 - ok
13:28:36.0359 3144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
13:28:36.0421 3144 mnmdd - ok
13:28:36.0468 3144 Modem (6fb74ebd4ec57a6f1781de3852cc3362) F:\WINDOWS\system32\drivers\Modem.sys
13:28:36.0531 3144 Modem - ok
13:28:36.0531 3144 Mouclass (b24ce8005deab254c0251e15cb71d802) F:\WINDOWS\system32\DRIVERS\mouclass.sys
13:28:36.0593 3144 Mouclass - ok
13:28:36.0656 3144 mouhid (66a6f73c74e1791464160a7065ce711a) F:\WINDOWS\system32\DRIVERS\mouhid.sys
13:28:36.0765 3144 mouhid - ok
13:28:36.0781 3144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
13:28:36.0843 3144 MountMgr - ok
13:28:36.0843 3144 mraid35x - ok
13:28:36.0890 3144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:28:36.0968 3144 MRxDAV - ok
13:28:37.0000 3144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:28:37.0078 3144 MRxSmb - ok
13:28:37.0093 3144 Msfs (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
13:28:37.0156 3144 Msfs - ok
13:28:37.0187 3144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
13:28:37.0234 3144 MSKSSRV - ok
13:28:37.0250 3144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:28:37.0312 3144 MSPCLOCK - ok
13:28:37.0328 3144 MSPQM (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
13:28:37.0390 3144 MSPQM - ok
13:28:37.0421 3144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:28:37.0484 3144 mssmbios - ok
13:28:37.0515 3144 Mup (de6a75f5c270e756c5508d94b6cf68f5) F:\WINDOWS\system32\drivers\Mup.sys
13:28:37.0578 3144 Mup - ok
13:28:37.0609 3144 NDIS (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
13:28:37.0687 3144 NDIS - ok
13:28:37.0734 3144 NdisTapi (0109c4f3850dfbab279542515386ae22) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:28:37.0765 3144 NdisTapi - ok
13:28:37.0796 3144 Ndisuio (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:28:37.0843 3144 Ndisuio - ok
13:28:37.0859 3144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:28:37.0937 3144 NdisWan - ok
13:28:37.0953 3144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
13:28:38.0000 3144 NDProxy - ok
13:28:38.0000 3144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
13:28:38.0062 3144 NetBIOS - ok
13:28:38.0093 3144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) F:\WINDOWS\system32\DRIVERS\netbt.sys
13:28:38.0156 3144 NetBT - ok
13:28:38.0265 3144 NPF (b9730495e0cf674680121e34bd95a73b) F:\WINDOWS\system32\drivers\npf.sys
13:28:38.0265 3144 NPF - ok
13:28:38.0281 3144 Npfs (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
13:28:38.0343 3144 Npfs - ok
13:28:38.0359 3144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
13:28:38.0421 3144 Ntfs - ok
13:28:38.0453 3144 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
13:28:38.0500 3144 Null - ok
13:28:38.0718 3144 nv (ed9816dbaf6689542ea7d022631906a1) F:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:28:39.0093 3144 nv - ok
13:28:39.0109 3144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:28:39.0171 3144 NwlnkFlt - ok
13:28:39.0187 3144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:28:39.0234 3144 NwlnkFwd - ok
13:28:39.0250 3144 Parport (f84785660305b9b903fb3bca8ba29837) F:\WINDOWS\system32\DRIVERS\parport.sys
13:28:39.0312 3144 Parport - ok
13:28:39.0328 3144 PartMgr (beb3ba25197665d82ec7065b724171c6) F:\WINDOWS\system32\drivers\PartMgr.sys
13:28:39.0375 3144 PartMgr - ok
13:28:39.0421 3144 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) F:\WINDOWS\system32\drivers\ParVdm.sys
13:28:39.0468 3144 ParVdm - ok
13:28:39.0500 3144 PCI (387e8dedc343aa2d1efbc30580273acd) F:\WINDOWS\system32\DRIVERS\pci.sys
13:28:39.0546 3144 PCI - ok
13:28:39.0562 3144 PCIDump - ok
13:28:39.0578 3144 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) F:\WINDOWS\system32\DRIVERS\pciide.sys
13:28:39.0625 3144 PCIIde - ok
13:28:39.0656 3144 Pcmcia (a2a966b77d61847d61a3051df87c8c97) F:\WINDOWS\system32\drivers\Pcmcia.sys
13:28:39.0765 3144 Pcmcia - ok
13:28:39.0812 3144 pcouffin (5b6c11de7e839c05248ced8825470fef) F:\WINDOWS\system32\Drivers\pcouffin.sys
13:28:39.0812 3144 pcouffin ( UnsignedFile.Multi.Generic ) - warning
13:28:39.0812 3144 pcouffin - detected UnsignedFile.Multi.Generic (1)
13:28:39.0843 3144 PDCOMP - ok
13:28:39.0859 3144 PDFRAME - ok
13:28:39.0875 3144 PDRELI - ok
13:28:39.0890 3144 PDRFRAME - ok
13:28:39.0906 3144 perc2 - ok
13:28:39.0937 3144 perc2hib - ok
13:28:39.0953 3144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) F:\WINDOWS\system32\DRIVERS\raspptp.sys
13:28:40.0015 3144 PptpMiniport - ok
13:28:40.0046 3144 PSched (09298ec810b07e5d582cb3a3f9255424) F:\WINDOWS\system32\DRIVERS\psched.sys
13:28:40.0109 3144 PSched - ok
13:28:40.0125 3144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys
13:28:40.0187 3144 Ptilink - ok
13:28:40.0203 3144 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) F:\WINDOWS\system32\Drivers\PxHelp20.sys
13:28:40.0218 3144 PxHelp20 - ok
13:28:40.0218 3144 ql1080 - ok
13:28:40.0234 3144 Ql10wnt - ok
13:28:40.0250 3144 ql12160 - ok
13:28:40.0250 3144 ql1240 - ok
13:28:40.0265 3144 ql1280 - ok
13:28:40.0265 3144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys
13:28:40.0328 3144 RasAcd - ok
13:28:40.0359 3144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:28:40.0406 3144 Rasl2tp - ok
13:28:40.0421 3144 RasPppoe (5bc962f2654137c9909c3d4603587dee) F:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:28:40.0484 3144 RasPppoe - ok
13:28:40.0500 3144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys
13:28:40.0546 3144 Raspti - ok
13:28:40.0578 3144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) F:\WINDOWS\system32\DRIVERS\rdbss.sys
13:28:40.0640 3144 Rdbss - ok
13:28:40.0640 3144 RDPCDD (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:28:40.0703 3144 RDPCDD - ok
13:28:40.0718 3144 rdpdr (15cabd0f7c00c47c70124907916af3f1) F:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:28:40.0781 3144 rdpdr - ok
13:28:40.0828 3144 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) F:\WINDOWS\system32\drivers\RDPWD.sys
13:28:40.0875 3144 RDPWD - ok
13:28:40.0906 3144 redbook (ed761d453856f795a7fe056e42c36365) F:\WINDOWS\system32\DRIVERS\redbook.sys
13:28:40.0968 3144 redbook - ok
13:28:41.0000 3144 RTLE8023xp (89619ef503f949fae09252a8b883ee11) F:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:28:41.0031 3144 RTLE8023xp - ok
13:28:41.0062 3144 Secdrv (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys
13:28:41.0093 3144 Secdrv - ok
13:28:41.0109 3144 serenum (0f29512ccd6bead730039fb4bd2c85ce) F:\WINDOWS\system32\DRIVERS\serenum.sys
13:28:41.0156 3144 serenum - ok
13:28:41.0171 3144 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) F:\WINDOWS\system32\DRIVERS\serial.sys
13:28:41.0234 3144 Serial - ok
13:28:41.0265 3144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) F:\WINDOWS\system32\drivers\Sfloppy.sys
13:28:41.0328 3144 Sfloppy - ok
13:28:41.0328 3144 Simbad - ok
13:28:41.0343 3144 Sparrow - ok
13:28:41.0375 3144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) F:\WINDOWS\system32\drivers\splitter.sys
13:28:41.0484 3144 splitter - ok
13:28:41.0500 3144 Sr (50fa898f8c032796d3b1b9951bb5a90f) F:\WINDOWS\system32\DRIVERS\sr.sys
13:28:41.0531 3144 Sr - ok
13:28:41.0625 3144 Srv (47ddfc2f003f7f9f0592c6874962a2e7) F:\WINDOWS\system32\DRIVERS\srv.sys
13:28:41.0687 3144 Srv - ok
13:28:41.0750 3144 ssmdrv (a36ee93698802cd899f98bfd553d8185) F:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:28:41.0750 3144 ssmdrv - ok
13:28:41.0828 3144 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) F:\WINDOWS\system32\DRIVERS\ss_bus.sys
13:28:41.0843 3144 ss_bus - ok
13:28:41.0890 3144 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) F:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
13:28:41.0906 3144 ss_mdfl - ok
13:28:41.0953 3144 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) F:\WINDOWS\system32\DRIVERS\ss_mdm.sys
13:28:41.0953 3144 ss_mdm - ok
13:28:41.0968 3144 swenum (3941d127aef12e93addf6fe6ee027e0f) F:\WINDOWS\system32\DRIVERS\swenum.sys
13:28:42.0031 3144 swenum - ok
13:28:42.0062 3144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) F:\WINDOWS\system32\drivers\swmidi.sys
13:28:42.0109 3144 swmidi - ok
13:28:42.0125 3144 symc810 - ok
13:28:42.0140 3144 symc8xx - ok
13:28:42.0140 3144 sym_hi - ok
13:28:42.0156 3144 sym_u3 - ok
13:28:42.0171 3144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) F:\WINDOWS\system32\drivers\sysaudio.sys
13:28:42.0406 3144 sysaudio - ok
13:28:42.0421 3144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) F:\WINDOWS\system32\DRIVERS\tcpip.sys
13:28:42.0531 3144 Tcpip - ok
13:28:42.0625 3144 TDPIPE (6471a66807f5e104e4885f5b67349397) F:\WINDOWS\system32\drivers\TDPIPE.sys
13:28:42.0687 3144 TDPIPE - ok
13:28:42.0718 3144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) F:\WINDOWS\system32\drivers\TDTCP.sys
13:28:42.0781 3144 TDTCP - ok
13:28:42.0781 3144 TermDD (88155247177638048422893737429d9e) F:\WINDOWS\system32\DRIVERS\termdd.sys
13:28:42.0843 3144 TermDD - ok
13:28:42.0859 3144 TosIde - ok
13:28:42.0968 3144 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) F:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
13:28:42.0968 3144 TuneUpUtilitiesDrv - ok
13:28:43.0000 3144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) F:\WINDOWS\system32\drivers\Udfs.sys
13:28:43.0078 3144 Udfs - ok
13:28:43.0078 3144 ultra - ok
13:28:43.0125 3144 Update (402ddc88356b1bac0ee3dd1580c76a31) F:\WINDOWS\system32\DRIVERS\update.sys
13:28:43.0203 3144 Update - ok
13:28:43.0218 3144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) F:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:28:43.0281 3144 usbccgp - ok
13:28:43.0296 3144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) F:\WINDOWS\system32\DRIVERS\usbehci.sys
13:28:43.0359 3144 usbehci - ok
13:28:43.0359 3144 usbhub (1ab3cdde553b6e064d2e754efe20285c) F:\WINDOWS\system32\DRIVERS\usbhub.sys
13:28:43.0421 3144 usbhub - ok
13:28:43.0468 3144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) F:\WINDOWS\system32\DRIVERS\usbscan.sys
13:28:43.0531 3144 usbscan - ok
13:28:43.0562 3144 usbstor (a32426d9b14a089eaa1d922e0c5801a9) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:28:43.0656 3144 usbstor - ok
13:28:43.0687 3144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) F:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:28:43.0750 3144 usbuhci - ok
13:28:43.0781 3144 uze4mtyw (d565ad44c6c4d934afad3ca4196b09aa) F:\WINDOWS\system32\Drivers\uze4mtyw.sys
13:28:43.0781 3144 uze4mtyw ( UnsignedFile.Multi.Generic ) - warning
13:28:43.0781 3144 uze4mtyw - detected UnsignedFile.Multi.Generic (1)
13:28:43.0781 3144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) F:\WINDOWS\System32\drivers\vga.sys
13:28:43.0843 3144 VgaSave - ok
13:28:43.0859 3144 ViaIde - ok
13:28:43.0859 3144 VolSnap (a5a712f4e880874a477af790b5186e1d) F:\WINDOWS\system32\drivers\VolSnap.sys
13:28:43.0921 3144 VolSnap - ok
13:28:43.0953 3144 Wanarp (e20b95baedb550f32dd489265c1da1f6) F:\WINDOWS\system32\DRIVERS\wanarp.sys
13:28:44.0015 3144 Wanarp - ok
13:28:44.0015 3144 WDICA - ok
13:28:44.0046 3144 wdmaud (6768acf64b18196494413695f0c3a00f) F:\WINDOWS\system32\drivers\wdmaud.sys
13:28:44.0093 3144 wdmaud - ok
13:28:44.0125 3144 WpdUsb (cf4def1bf66f06964dc0d91844239104) F:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:28:44.0171 3144 WpdUsb - ok
13:28:44.0203 3144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) F:\WINDOWS\System32\drivers\ws2ifsl.sys
13:28:44.0265 3144 WS2IFSL - ok
13:28:44.0343 3144 WudfPf (f15feafffbb3644ccc80c5da584e6311) F:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:28:44.0359 3144 WudfPf - ok
13:28:44.0390 3144 WudfRd (28b524262bce6de1f7ef9f510ba3985b) F:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:28:44.0406 3144 WudfRd - ok
13:28:44.0421 3144 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:28:44.0703 3144 \Device\Harddisk1\DR1 - ok
13:28:44.0703 3144 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:28:45.0250 3144 \Device\Harddisk0\DR0 - ok
13:28:45.0265 3144 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk4\DR8
13:29:03.0000 3144 \Device\Harddisk4\DR8 - ok
13:29:03.0000 3144 Boot (0x1200) (45dbab1750a35fe7655973bdf31ceac3) \Device\Harddisk1\DR1\Partition0
13:29:03.0000 3144 \Device\Harddisk1\DR1\Partition0 - ok
13:29:03.0015 3144 Boot (0x1200) (f7488a96df70173c7b56784084ee3720) \Device\Harddisk4\DR8\Partition0
13:29:03.0015 3144 \Device\Harddisk4\DR8\Partition0 - ok
13:29:03.0015 3144 ============================================================
13:29:03.0015 3144 Scan finished
13:29:03.0015 3144 ============================================================
13:29:03.0125 1216 Detected object count: 7
13:29:03.0125 1216 Actual detected object count: 7
13:29:40.0234 1216 F:\WINDOWS\system32\drivers\BIOS.sys - copied to quarantine
13:29:40.0250 1216 HKLM\SYSTEM\ControlSet001\services\BIOS - will be deleted on reboot
13:29:40.0281 1216 HKLM\SYSTEM\ControlSet003\services\BIOS - will be deleted on reboot
13:29:40.0281 1216 HKLM\SYSTEM\ControlSet004\services\BIOS - will be deleted on reboot
13:29:40.0281 1216 F:\WINDOWS\system32\drivers\BIOS.sys - will be deleted on reboot
13:29:40.0281 1216 BIOS ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0390 1216 F:\WINDOWS\system32\drivers\bizVSerialNT.sys - copied to quarantine
13:29:40.0406 1216 HKLM\SYSTEM\ControlSet001\services\bizVSerial - will be deleted on reboot
13:29:40.0406 1216 HKLM\SYSTEM\ControlSet003\services\bizVSerial - will be deleted on reboot
13:29:40.0406 1216 HKLM\SYSTEM\ControlSet004\services\bizVSerial - will be deleted on reboot
13:29:40.0406 1216 F:\WINDOWS\system32\drivers\bizVSerialNT.sys - will be deleted on reboot
13:29:40.0406 1216 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0437 1216 F:\WINDOWS\system32\drivers\cdrbsdrv.sys - copied to quarantine
13:29:40.0453 1216 HKLM\SYSTEM\ControlSet001\services\cdrbsdrv - will be deleted on reboot
13:29:40.0453 1216 HKLM\SYSTEM\ControlSet003\services\cdrbsdrv - will be deleted on reboot
13:29:40.0453 1216 HKLM\SYSTEM\ControlSet004\services\cdrbsdrv - will be deleted on reboot
13:29:40.0453 1216 F:\WINDOWS\system32\drivers\cdrbsdrv.sys - will be deleted on reboot
13:29:40.0453 1216 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0531 1216 F:\WINDOWS\system32\DRIVERS\DRHARD.SYS - copied to quarantine
13:29:40.0546 1216 HKLM\SYSTEM\ControlSet001\services\drhard - will be deleted on reboot
13:29:40.0546 1216 HKLM\SYSTEM\ControlSet003\services\drhard - will be deleted on reboot
13:29:40.0546 1216 HKLM\SYSTEM\ControlSet004\services\drhard - will be deleted on reboot
13:29:40.0546 1216 F:\WINDOWS\system32\DRIVERS\DRHARD.SYS - will be deleted on reboot
13:29:40.0546 1216 drhard ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0578 1216 F:\WINDOWS\system32\FsUsbExDisk.SYS - copied to quarantine
13:29:40.0593 1216 HKLM\SYSTEM\ControlSet001\services\FsUsbExDisk - will be deleted on reboot
13:29:40.0593 1216 HKLM\SYSTEM\ControlSet003\services\FsUsbExDisk - will be deleted on reboot
13:29:40.0593 1216 HKLM\SYSTEM\ControlSet004\services\FsUsbExDisk - will be deleted on reboot
13:29:40.0593 1216 F:\WINDOWS\system32\FsUsbExDisk.SYS - will be deleted on reboot
13:29:40.0593 1216 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0687 1216 F:\WINDOWS\system32\Drivers\pcouffin.sys - copied to quarantine
13:29:40.0703 1216 HKLM\SYSTEM\ControlSet001\services\pcouffin - will be deleted on reboot
13:29:40.0703 1216 HKLM\SYSTEM\ControlSet003\services\pcouffin - will be deleted on reboot
13:29:40.0703 1216 HKLM\SYSTEM\ControlSet004\services\pcouffin - will be deleted on reboot
13:29:40.0703 1216 F:\WINDOWS\system32\Drivers\pcouffin.sys - will be deleted on reboot
13:29:40.0703 1216 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:40.0718 1216 F:\WINDOWS\system32\Drivers\uze4mtyw.sys - copied to quarantine
13:29:40.0734 1216 HKLM\SYSTEM\ControlSet001\services\uze4mtyw - will be deleted on reboot
13:29:40.0734 1216 HKLM\SYSTEM\ControlSet004\services\uze4mtyw - will be deleted on reboot
13:29:40.0734 1216 F:\WINDOWS\system32\Drivers\uze4mtyw.sys - will be deleted on reboot
13:29:40.0734 1216 uze4mtyw ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:29:49.0921 2300 Deinitialize success
:
:Combofix Logfile: Code:
ATTFilter ComboFix 12-03-10.02 - Administrator 15.03.2012 14:31:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3582.2971 [GMT 1:00]
ausgeführt von:: f:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\facemoods.com
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\inst.exe
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Local
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
f:\dokumente und einstellungen\Administrator\Anwendungsdaten\vso_ts_preview.xml
f:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
f:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
f:\windows\system32\dllcache\cygwin1.dll
f:\windows\system32\dllcache\libeay32.dll
f:\windows\system32\dllcache\ssleay32.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-15 bis 2012-03-15 ))))))))))))))))))))))))))))))
.
.
2012-03-14 20:23 . 2010-10-01 21:05 162392 ----a-w- f:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2012-03-14 20:23 . 2012-03-14 20:39 97961 ----a-w- f:\windows\system32\drivers\klick.dat
2012-03-14 20:23 . 2012-03-14 20:39 115369 ----a-w- f:\windows\system32\drivers\klin.dat
2012-03-14 20:23 . 2009-12-14 11:44 39352 ----a-w- f:\windows\system32\drivers\CSVirtualDiskDrv.sys
2012-03-14 20:23 . 2009-12-14 11:44 88632 ----a-w- f:\windows\system32\drivers\CSCrySec.sys
2012-03-14 20:22 . 2012-03-14 20:22 -------- d-----w- f:\programme\Gemeinsame Dateien\InfoWatch
2012-03-14 20:22 . 2012-03-15 13:26 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2012-03-14 20:22 . 2012-03-14 20:22 -------- d-----w- f:\programme\Kaspersky Lab
2012-03-14 20:16 . 2012-03-14 20:16 -------- d-----w- f:\windows\SxsCaPendDel
2012-03-14 19:56 . 2012-03-14 19:56 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2012-03-13 19:19 . 2012-01-11 19:06 3072 ------w- f:\windows\system32\iacenc.dll
2012-03-13 19:19 . 2012-01-11 19:06 3072 ------w- f:\windows\system32\dllcache\iacenc.dll
2012-03-11 09:39 . 2012-03-11 09:39 -------- d-----w- f:\programme\LSoft Technologies
2012-03-10 18:36 . 2009-08-06 18:24 53472 ----a-w- f:\windows\system32\wuauclt.exe
2012-03-08 18:16 . 2012-03-08 18:16 -------- d-----w- f:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Trend Micro
2012-03-08 18:15 . 2012-03-08 18:17 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Trend Micro
2012-03-06 09:40 . 2012-03-15 12:29 -------- d-----w- F:\TDSSKiller_Quarantine
2012-03-05 22:52 . 2011-07-22 06:50 359856 ----a-w- f:\windows\system32\zkasigct.dll
2012-03-05 22:52 . 2012-02-29 10:49 512944 ----a-w- f:\windows\system32\cjpcsc.exe
2012-03-05 22:52 . 2012-02-19 18:32 713648 ----a-w- f:\windows\system32\cjpcscui.exe
2012-03-05 22:52 . 2012-02-14 10:48 786352 ----a-w- f:\windows\system32\cjpcsc32.dll
2012-03-05 22:52 . 2012-02-14 10:48 53680 ----a-w- f:\windows\system32\cjKbBase.dll
2012-03-05 22:52 . 2012-02-14 10:48 215472 ----a-w- f:\windows\system32\cjeca32.dll
2012-03-05 22:52 . 2012-02-14 10:48 208816 ----a-w- f:\windows\system32\cjppa32.dll
2012-03-05 22:52 . 2012-02-14 10:47 63408 ----a-w- f:\windows\system32\cjpcscli.exe
2012-03-05 22:52 . 2007-05-31 06:38 167936 ------w- f:\windows\system32\SerialXP.dll
2012-03-05 22:52 . 2007-05-31 06:38 27648 ------w- f:\windows\system32\win32com.dll
2012-03-05 22:52 . 2007-05-31 06:38 53248 ------w- f:\windows\system32\cjtrm.dll
2012-03-05 21:58 . 2012-03-05 21:58 -------- d-----w- f:\programme\InCode Solutions
2012-03-05 05:29 . 2012-03-05 05:29 -------- d-----w- f:\programme\Gemeinsame Dateien\Java
2012-03-05 05:29 . 2012-03-05 05:29 73728 ----a-w- f:\windows\system32\javacpl.cpl
2012-03-05 05:29 . 2012-03-05 05:29 476904 ----a-w- f:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-05 05:29 . 2012-03-05 05:29 472808 ----a-w- f:\windows\system32\deployJava1.dll
2012-03-05 05:13 . 2012-03-05 05:13 -------- d-----w- f:\programme\Sophos
2012-03-04 14:38 . 2012-03-11 16:28 -------- d-----w- F:\_OTL
2012-03-01 16:10 . 2012-03-01 16:10 -------- d-----w- f:\programme\CCleaner
2012-03-01 07:59 . 2012-03-01 07:59 -------- d-sh--w- f:\windows\system32\config\systemprofile\IETldCache
2012-02-29 09:49 . 2012-02-29 09:49 -------- d-----w- f:\dokumente und einstellungen\Administrator\Anwendungsdaten\TrojanHunter
2012-02-28 22:41 . 2010-08-22 12:48 114176 ----a-w- f:\windows\system32\PCWizard.cpl
2012-02-28 22:41 . 2012-02-28 22:41 -------- d-----w- f:\programme\CPUID
2012-02-28 22:25 . 2012-03-14 20:18 -------- d-----w- f:\programme\Trend Micro
2012-02-28 22:05 . 2012-02-28 22:05 -------- d-----w- F:\found.002
2012-02-28 21:31 . 2012-02-28 21:31 -------- d-----w- f:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sophos
2012-02-28 20:58 . 2012-02-28 20:58 -------- d-----w- F:\stdtsa
2012-02-28 20:46 . 2012-03-01 15:32 -------- d-----w- f:\programme\Spybot - Search & Destroy
2012-02-28 20:46 . 2012-03-01 15:15 -------- d-----w- f:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-28 19:27 . 2012-03-13 12:31 167 ----a-w- F:\user.js
2012-02-16 12:05 . 2012-02-16 17:15 -------- d-----w- f:\programme\Eudora OSE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 09:41 . 2011-06-06 08:48 414368 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 16:41 . 2012-03-11 16:41 21966 ----a-w- F:\Archive.zip
2012-03-02 12:56 . 2010-05-05 13:20 47360 ----a-w- f:\dokumente und einstellungen\Administrator\Anwendungsdaten\pcouffin.sys
2012-02-14 10:48 . 2009-02-26 14:57 352688 ----a-w- f:\windows\system32\ctrsct32.dll
2012-01-12 17:20 . 2008-04-30 22:00 1860096 ----a-w- f:\windows\system32\win32k.sys
2011-12-17 19:43 . 2008-05-10 22:58 43520 ------w- f:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2008-03-01 12:54 916992 ----a-w- f:\windows\system32\wininet.dll
2011-12-17 19:43 . 2008-03-01 12:53 1469440 ------w- f:\windows\system32\inetcpl.cpl
2012-02-16 14:55 . 2011-06-06 12:02 134104 ----a-w- f:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-10 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . f:\windows\system32\usp10.dll
[-] 2008-01-18 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . f:\windows\system32\dllcache\usp10.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 21:05 129624 ----a-w- f:\programme\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-10 16132608]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="f:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"MMTray"="f:\programme\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-11-07 110592]
"Launch LgDeviceAgent"="f:\programme\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 357384]
"Launch LCDMon"="f:\programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 1573384]
"Launch LGDCore"="f:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 3161608]
"SunJavaUpdateSched"="f:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVP"="f:\programme\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"Adobe ARM"="f:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-30 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
f:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
InterVideo WinCinema Manager.lnk - f:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-7 278528]
MotionSD STUDIO - Autostart SD Browser -.lnk - f:\programme\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2009-1-22 66952]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "f:\programme\Eudora_aol\EuShlExt.dll" [2006-08-17 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- f:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-22 18:42 116040 ----a-w- f:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2009-01-08 07:55 98304 ----a-w- f:\programme\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 17:03 152872 ----a-w- f:\programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLASC]
2009-11-03 19:59 2247168 ----a-w- f:\programme\buffed\BLASC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- f:\programme\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- f:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 05:00 33648 ----a-w- f:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- f:\programme\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- f:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-11-07 13:41 8192 ----a-w- f:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52 1695232 ------w- f:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- f:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- f:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- f:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"bgsvcgen"=2 (0x2)
"Bonjour Service"=2 (0x2)
"iPod Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="f:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="f:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"MS_MASTER"=RUNDLL32.EXE f:\windows\system32\xml_inc.dll,i
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"f:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Programme\\ICQ6\\ICQ.exe"=
"f:\\Programme\\InterVideo\\DVD7\\WinDVD.exe"=
"f:\\Programme\\Bonjour\\mDNSResponder.exe"=
"f:\\Programme\\iTunes\\iTunes.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"f:\\Programme\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"f:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"f:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"f:\\WINDOWS\\system32\\dplaysvr.exe"=
"f:\\Programme\\Microprose\\Risiko II\\RISKII.ICD"=
"f:\\Programme\\StarMoney 7.0 S-Edition\\app\\StarMoney.exe"=
"f:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"f:\\Programme\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"f:\\Programme\\World of Warcraft Public Test\\Launcher.exe"=
"f:\\Programme\\TV-Browser 3\\tvbrowser.exe"=
"f:\\Programme\\TV-Browser 3\\tvbrowser_noDD.exe"=
"f:\\Programme\\World of Warcraft\\Launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;f:\windows\system32\drivers\CSCrySec.sys [14.03.2012 21:23 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;f:\windows\system32\drivers\klbg.sys [14.10.2009 21:18 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;f:\windows\system32\drivers\CSVirtualDiskDrv.sys [14.03.2012 21:23 39352]
R2 cjpcsc;cyberJack PC/SC COM Service ;f:\windows\system32\cjpcsc.exe [05.03.2012 23:52 512944]
R2 CSObjectsSrv;CryptoStorage control service;f:\programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21.12.2009 17:34 743992]
R2 NPF;NetGroup Packet Filter Driver;f:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;f:\programme\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [10.11.2011 19:38 554160]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.12.2009 21:17 1044808]
R3 cjusb;REINER SCT cyberJack USB Driver;f:\windows\system32\drivers\cjusb.sys [26.02.2009 15:58 28144]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;f:\windows\system32\drivers\klim5.sys [14.09.2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;f:\windows\system32\drivers\klmouflt.sys [02.10.2009 19:39 19472]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;f:\windows\system32\drivers\LGBusEnum.sys [14.07.2009 14:35 19720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064]
S2 FsUsbExService;FsUsbExService;f:\windows\system32\FsUsbExService.Exe [15.07.2009 11:44 233472]
S3 cpuz134;cpuz134;f:\programme\CPUID\PC Wizard 2010\pcwiz_x32.sys [28.02.2012 23:41 20328]
S3 FsUsbExDisk;FsUsbExDisk;\??\f:\windows\system32\FsUsbExDisk.SYS --> f:\windows\system32\FsUsbExDisk.SYS [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\f:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> f:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\24.tmp --> f:\windows\system32\24.tmp [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30754373
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - 30754373
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- f:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE: Add to Anti-Banner - f:\programme\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - f:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - f:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\zho2pb4v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Softonic)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 00000000000000000000001d7dd482ad
FF - user.js: extensions.softonic_i.instlDay - 15412
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.513:31
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - orgnl
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - eng7
FF - user.js: extensions.softonic_i.instlRef - MON00001
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-05993050.sys
MSConfigStartUp-DAEMON Tools Lite - f:\programme\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-Messenger (Yahoo!) - f:\programme\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-15 14:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\24.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1450960922-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,60,a4,d8,44,10,ab,47,81,f0,8e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,6b,3f,f9,a7,c3,0d,40,ae,a7,7c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,44,60,a4,d8,44,10,ab,47,81,f0,8e,\
.
Zeit der Fertigstellung: 2012-03-15 14:40:09
ComboFix-quarantined-files.txt 2012-03-15 13:40
.
Vor Suchlauf: 23 Verzeichnis(se), 223.477.657.600 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 223.675.817.984 Bytes frei
.
- - End Of File - - 246CF1DD459F4FD2D99EF0D54049B217
:[/code] Combofix-Quarantined-files : Code:
ATTFilter 2012-03-15 13:39:24 . 2012-03-15 13:39:24 660 ----a-w- F:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Messenger (Yahoo!).reg.dat
2012-03-15 13:39:24 . 2012-03-15 13:39:24 630 ----a-w- F:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DAEMON Tools Lite.reg.dat
2012-03-15 13:39:23 . 2012-03-15 13:39:23 558 ----a-w- F:\Qoobox\Quarantine\Registry_backups\SafeBoot-05993050.sys.reg.dat
2012-03-15 13:38:46 . 2012-03-15 13:38:46 261,096 ----a-w- F:\Qoobox\Quarantine\D\av1.zip
2012-03-15 13:38:46 . 2007-11-07 07:03:18 562,688 ----a-w- F:\Qoobox\Quarantine\D\install.exe.vir
2012-03-15 13:37:02 . 2012-03-15 13:37:02 6,568 ----a-w- F:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-06 11:41:17 . 2012-03-15 13:30:40 510 ----a-w- F:\Qoobox\Quarantine\catchme.log
2011-08-12 14:05:18 . 2011-09-17 09:27:51 1,057 ----a-w- F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vso_ts_preview.xml.vir
2011-01-12 07:16:39 . 2011-11-22 21:41:05 105 ----a-w- F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr.vir
2011-01-12 07:16:39 . 2011-01-12 14:51:43 13,721,600 ----a-w- F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.vir
2010-05-05 13:20:32 . 2012-03-02 12:56:44 87,608 ----a-w- F:\Qoobox\Quarantine\F\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe.vir
2008-05-17 11:21:54 . 2007-10-22 05:10:36 196,608 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\dllcache\ssleay32.dll.vir
2008-05-17 11:21:54 . 2007-10-22 05:10:18 1,015,808 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\dllcache\libeay32.dll.vir
2008-05-17 11:21:54 . 2008-02-24 17:59:22 1,872,666 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\dllcache\cygwin1.dll.vir
:
Geändert von nadann (15.03.2012 um 13:51 Uhr) |
|
15.03.2012, 16:04
| #24 |
| /// Malwareteam | antimalware bytes startet nicht mehr Wer hat geschrieben du sollst Combofix anwenden? Das kann ziemlich in die Hosen gehen. Ich melde mich wieder. |
|
15.03.2012, 16:43
| #25 |
| /// Malwareteam | antimalware bytes startet nicht mehr Wie läuft das System zur Zeit? |
|
15.03.2012, 17:01
| #26 |
| | antimalware bytes startet nicht mehr hi, ich hatte gleich nach combofix noch GMER angeworfen - das läuft schon seit bestimmt 2 Stunden, sollte aber bald fertig sein......daher - system läuft.... Die "Symptome", die mich auf einen Virus gebracht haben waren ja, dass Gmer, Combofix, Antimalware usw. alle nicht gelaufen sind.....zumindest diese Hürde scheint übersprungen.... ..wenn GMER dann bald mal fertig ist, poste ich das log - danach hätte ich, ausser Du sagst was anderes, das System mal neu gestartet und dann versucht antimalware nochmals zu installieren und laufen zu lassen und kaum geschrieben, ist es fertig :GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-15 18:04:37
Windows 5.1.2600 Service Pack 3
Running: sfjg44ue.exe; Driver: F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxlcipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB4BEF598]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB4BEFE18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB4BF092E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB4BF0EA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB4BF00FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB4BEE442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB4BF0D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB4BEF19E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB4BF0C34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB4BEF35A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB4BF0FD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB4BF2C14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB4BEFAB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB4BF0CD6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB4BF2606]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB4BEEA06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB4BEED94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB4BF0582]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB4BF35D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB4BEEED6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB4BEEF80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB4BF038E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB4BF2698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB4BEE41E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB4BEE430]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB4BF2CC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB4BEF0CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB4BF0F42]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB4BEFE9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB4BEE5E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB4BF0E10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB4BEF79E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB4BF2C3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB4BF1074]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB4BEF6C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB4BEF02A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB4BEEC52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB4BF2FE0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB4BEE8A2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB4BF292E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB4BEEB1A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB4BEE2BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB4BF13FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB4BF12C4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB4BF23A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB4BF5E38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB4BF34B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB4BEE254]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB4BF0668]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB4BEFCD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB4BF1C56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB4BF2792]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB4BF3120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB4BEE72A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB4BF3204]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB4BF332C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB4BF2532]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB4BEF916]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB4BEF86C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB4BF2E96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB4BEF9F6]
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
Code \??\F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 16 Bytes [5A, F3, BE, B4, D2, 0F, BF, ...]
.text ntoskrnl.exe!ZwYieldExecution + 172 804E49CC 4 Bytes [06, EA, BE, B4]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [98, 26, BF, B4, 1E, E4, BE, ...]
.text ntoskrnl.exe!ZwYieldExecution + 252 804E4AAC 8 Bytes CALL 91030996
.text ntoskrnl.exe!ZwYieldExecution + 33A 804E4B94 4 Bytes [A2, E8, BE, B4]
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804EAFCE 5 Bytes JMP B4BE48B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F45B3 5 Bytes JMP B4BE44DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB741C3A0, 0x59FFE5, 0xE8000020]
.text F:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3AC8300, 0x3B6D8, 0xE8000020]
? F:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? F:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text F:\Programme\Mozilla Firefox\firefox.exe[468] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 01215B60 F:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
? F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[768] F:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[768] F:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[768] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 38, 6D]
? F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[1604] F:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[1604] F:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text F:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe[1604] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 38, 6D]
.text F:\Programme\Mozilla Firefox\plugin-container.exe[3720] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 10450924 F:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text F:\Programme\Mozilla Firefox\plugin-container.exe[3720] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 10450ECF F:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0xCC 0x77 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x59 0x57 0xB0 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8D 0x16 0x16 0x76 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE5 0x9C 0x57 0xF0 ...
---- EOF - GMER 1.0.15 ----
:[/code] Geändert von nadann (15.03.2012 um 17:07 Uhr) |
|
15.03.2012, 20:57
| #27 |
| /// Malwareteam | antimalware bytes startet nicht mehr Downloade dir bitte Farbar's Service Scanner
|
|
15.03.2012, 21:05
| #28 |
| | antimalware bytes startet nicht mehr : Code:
ATTFilter Farbar Service Scanner Version: 01-03-2012
Ran by Administrator (administrator) on 15-03-2012 at 21:03:41
Running from "F:\aeton"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
File Check:
========
F:\WINDOWS\system32\dhcpcsvc.dll
[2008-04-30 23:00] - [2008-04-30 23:00] - 0127488 ____A (Microsoft Corporation) C29A1C9B75BA38FA37F8C44405DEC360
F:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
F:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
F:\WINDOWS\system32\dnsrslvr.dll
[2008-04-30 23:00] - [2009-04-20 18:17] - 0045568 ____A (Microsoft Corporation) 407F3227AC618FD1CA54B335B083DE07
F:\WINDOWS\system32\ipnathlp.dll
[2008-04-30 23:00] - [2008-04-30 23:00] - 0334336 ____A (Microsoft Corporation) CAD058D5F8B889A87CA3EB3CF624DCEF
F:\WINDOWS\system32\netman.dll
[2008-04-30 23:00] - [2008-04-30 23:00] - 0198144 ____A (Microsoft Corporation) E6D88F1F6745BF00B57E7855A2AB696C
F:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-05-17 12:12] - [2008-04-30 23:00] - 0145408 ____A (Microsoft Corporation) 6F3F3973D97714CC5F906A19FE883729
F:\WINDOWS\system32\srsvc.dll
[2008-05-17 12:15] - [2008-04-30 23:00] - 0171520 ____A (Microsoft Corporation) FE77A85495065F3AD59C5C65B6C54182
F:\WINDOWS\system32\Drivers\sr.sys
[2008-05-17 12:15] - [2008-04-30 23:00] - 0073472 ____A (Microsoft Corporation) 50FA898F8C032796D3B1B9951BB5A90F
F:\WINDOWS\system32\svchost.exe
[2008-04-30 23:00] - [2008-04-30 23:00] - 0014336 ____A (Microsoft Corporation) 4FBC75B74479C7A6F829E0CA19DF3366
F:\WINDOWS\system32\rpcss.dll
[2008-04-30 23:00] - [2009-02-09 11:51] - 0401408 ____A (Microsoft Corporation) 3127AFBF2C1ED0AB14A1BBB7AAECB85B
F:\WINDOWS\system32\services.exe
[2008-04-30 23:00] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC
Extra List:
=======
Gpc(6) IPSec(4) kl1(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000800000004000000010000000200000003000000050000000600000007000000
**** End of log ****
:
|
|
15.03.2012, 21:55
| #29 |
| /// Malwareteam | antimalware bytes startet nicht mehrESET Online Scanner
|
|
16.03.2012, 13:42
| #30 |
| | antimalware bytes startet nicht mehr wow - 3,5-Std.-scan .... : Code:
ATTFilter D:\Sicherungen\neu aufgesetzt maerz 2012\basisprogramme\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe a variant of Win32/SoftonicDownloader.D application
D:\Sicherungen\neu aufgesetzt maerz 2012\basisprogramme\SoftonicDownloader_fuer_pc-wizard.exe a variant of Win32/SoftonicDownloader.D application
D:\Sicherungen\neu aufgesetzt maerz 2012\basisprogramme\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero-7.10.1.0_deu_trial.exe Win32/Toolbar.AskSBar application
F:\basisprogramme\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe a variant of Win32/SoftonicDownloader.D application
F:\basisprogramme\SoftonicDownloader_fuer_pc-wizard.exe a variant of Win32/SoftonicDownloader.D application
F:\basisprogramme\Nero.Premium.Edition.v7.10.1.0.German-DVT\Nero-7.10.1.0_deu_trial.exe Win32/Toolbar.AskSBar application
:
|
|
| Themen zu antimalware bytes startet nicht mehr |
| antimalware, anwendung, bad_pool_header, bytes, cursor, entdeck, exe, fehlermeldung, folge, folgende, gleichzeitig, gmer, hängt, malwarebytes, neu, nicht mehr, nichts, nichts geht mehr, rechner, rechner hängt sich auf, schließen, sonderzeichen, startet, startet nicht, tool, verschwindet, öffnet |
Linear-Darstellung
