Log analysis and evaluation: Gema Trojaner & Windows Security Center Trojaner (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.03.2012, 12:28 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojaner & Windows Security Center Trojaner
Quote:
__________________
Please always post log files in CODE tags
27.03.2012, 20:17 | #17
Gema Trojaner & Windows Security Center Trojaner
Code:
20:52:42.0546 1520 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:52:43.0968 1520 ============================================================
20:52:43.0968 1520 Current date / time: 2012/03/27 20:52:43.0968
20:52:43.0968 1520 SystemInfo:
20:52:43.0968 1520
20:52:43.0968 1520 OS Version: 5.1.2600 ServicePack: 3.0
20:52:43.0968 1520 Product type: Workstation
20:52:43.0968 1520 ComputerName: PUPPSIE
20:52:43.0968 1520 UserName: Mone
20:52:43.0968 1520 Windows directory: C:\WINDOWS
20:52:43.0968 1520 System windows directory: C:\WINDOWS
20:52:43.0968 1520 Processor architecture: Intel x86
20:52:43.0968 1520 Number of processors: 2
20:52:43.0968 1520 Page size: 0x1000
20:52:43.0968 1520 Boot type: Normal boot
20:52:43.0968 1520 ============================================================
20:53:05.0562 1520 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:53:05.0734 1520 Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:05.0750 1520 Drive \Device\Harddisk2\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:05.0765 1520 \Device\Harddisk0\DR0:
20:53:05.0781 1520 MBR used
20:53:05.0781 1520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:53:05.0781 1520 \Device\Harddisk1\DR2:
20:53:05.0781 1520 MBR used
20:53:05.0781 1520 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
20:53:05.0781 1520 \Device\Harddisk2\DR3:
20:53:05.0796 1520 MBR used
20:53:05.0796 1520 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
20:53:08.0343 1520 Initialize success
20:53:08.0343 1520
20:57:56.0187 0552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:57:56.0375 0552 TDPIPE - ok 20:57:56.0796 0552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:57:56.0984 0552 TDTCP - ok 20:57:57.0484 0552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:57:57.0687 0552 TermDD - ok 20:57:58.0187 0552 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 20:57:58.0468 0552 TermService - ok 20:57:58.0875 0552 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:57:58.0906 0552 Themes - ok 20:57:59.0281 0552 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 20:57:59.0468 0552 TlntSvr - ok 20:57:59.0859 0552 TosIde - ok 20:58:00.0234 0552 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 20:58:00.0390 0552 TrkWks - ok 20:58:00.0812 0552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:58:01.0015 0552 Udfs - ok 20:58:01.0437 0552 ultra - ok 20:58:02.0000 0552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:58:02.0609 0552 Update - ok 20:58:03.0046 0552 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 20:58:03.0328 0552 upnphost - ok 20:58:03.0765 0552 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 20:58:03.0937 0552 UPS - ok 20:58:04.0375 0552 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 20:58:04.0562 0552 usbaudio - ok 20:58:04.0968 0552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:58:05.0156 0552 usbccgp - ok 20:58:05.0609 0552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:58:05.0781 0552 usbehci - ok 20:58:06.0218 0552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:58:06.0421 0552 usbhub - ok 
20:58:06.0843 0552 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:58:07.0031 0552 usbprint - ok 20:58:07.0468 0552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:58:07.0640 0552 usbscan - ok 20:58:08.0062 0552 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys 20:58:08.0234 0552 usbser - ok 20:58:08.0687 0552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:58:08.0875 0552 USBSTOR - ok 20:58:09.0296 0552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:58:09.0468 0552 usbuhci - ok 20:58:09.0906 0552 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 20:58:10.0125 0552 usbvideo - ok 20:58:10.0546 0552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:58:10.0718 0552 VgaSave - ok 20:58:11.0109 0552 ViaIde - ok 20:58:11.0531 0552 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 20:58:11.0718 0552 VolSnap - ok 20:58:12.0203 0552 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 20:58:12.0515 0552 VSS - ok 20:58:12.0984 0552 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 20:58:13.0156 0552 W32Time - ok 20:58:13.0578 0552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:58:13.0765 0552 Wanarp - ok 20:58:14.0390 0552 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 20:58:14.0781 0552 Wdf01000 - ok 20:58:15.0187 0552 WDICA - ok 20:58:15.0640 0552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 20:58:15.0828 0552 wdmaud - ok 20:58:16.0234 0552 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 20:58:16.0406 0552 WebClient - ok 20:58:16.0843 0552 winmgmt (6f3f3973d97714cc5f906a19fe883729) 
C:\WINDOWS\system32\wbem\WMIsvc.dll 20:58:17.0000 0552 winmgmt - ok 20:58:17.0406 0552 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll 20:58:17.0593 0552 WmdmPmSN - ok 20:58:18.0218 0552 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 20:58:18.0500 0552 Wmi - ok 20:58:18.0921 0552 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:58:19.0125 0552 WmiApSrv - ok 20:58:19.0734 0552 WMPNetworkSvc (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe 20:58:20.0703 0552 WMPNetworkSvc - ok 20:58:21.0187 0552 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:58:21.0265 0552 WpdUsb - ok 20:58:21.0656 0552 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 20:58:21.0828 0552 wscsvc - ok 20:58:22.0171 0552 WSearch - ok 20:58:22.0593 0552 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:58:22.0781 0552 WSTCODEC - ok 20:58:23.0140 0552 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 20:58:23.0359 0552 wuauserv - ok 20:58:23.0796 0552 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:58:23.0906 0552 WudfPf - ok 20:58:24.0375 0552 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:58:24.0453 0552 WudfRd - ok 20:58:24.0843 0552 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 20:58:24.0890 0552 WudfSvc - ok 20:58:25.0453 0552 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 20:58:25.0859 0552 WZCSVC - ok 20:58:26.0265 0552 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 20:58:26.0500 0552 xmlprov - ok 20:58:26.0890 0552 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 20:58:27.0421 0552 \Device\Harddisk0\DR0 - ok 20:58:27.0421 0552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) 
\Device\Harddisk1\DR2 20:58:27.0593 0552 \Device\Harddisk1\DR2 - ok 20:58:27.0609 0552 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3 20:58:27.0750 0552 \Device\Harddisk2\DR3 - ok 20:58:27.0859 0552 Boot (0x1200) (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0 20:58:27.0859 0552 \Device\Harddisk0\DR0\Partition0 - ok 20:58:27.0859 0552 Boot (0x1200) (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0 20:58:27.0859 0552 \Device\Harddisk1\DR2\Partition0 - ok 20:58:27.0875 0552 Boot (0x1200) (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0 20:58:27.0875 0552 \Device\Harddisk2\DR3\Partition0 - ok 20:58:27.0875 0552 ============================================================ 20:58:27.0875 0552 Scan finished 20:58:27.0875 0552 ============================================================ 20:58:27.0984 2360 Detected object count: 5 20:58:27.0984 2360 Actual detected object count: 5 21:16:30.0265 2360 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:30.0265 2360 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:16:30.0265 2360 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:30.0265 2360 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:16:30.0265 2360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:30.0265 2360 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:16:30.0265 2360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:16:30.0265 2360 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:16:30.0265 2360 sptd ( LockedFile.Multi.Generic ) - skipped by user 21:16:30.0265 2360 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 21:16:32.0859 2312 Deinitialize success |
27.03.2012, 20:23 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojan & Windows Security Center Trojan Now please run CF:
__________________ ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________
28.03.2012, 08:36 | #19
| Gema Trojan & Windows Security Center Trojan ComboFix logfile: Code:
ATTFilter ComboFix 12-03-27.03 - Mone 27.03.2012 23:45:28.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2038.1448 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Mone\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\Mone\GoogleEarthPluginSetup.exe c:\dokumente und einstellungen\Mone\lyricsplugin03.exe c:\dokumente und einstellungen\Mone\Recent\Thumbs.db c:\dokumente und einstellungen\Mone\WINDOWS c:\dokumente und einstellungen\tayler\21f19e6a402e6c260cbe40caf8007e5f_e896fb6554.jpg c:\dokumente und einstellungen\tayler\24041290986793.jpg c:\dokumente und einstellungen\tayler\25261292087054.jpg c:\dokumente und einstellungen\tayler\79071287072585.jpg c:\dokumente und einstellungen\tayler\88131292087054.jpg c:\dokumente und einstellungen\tayler\95121289948044.jpg c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-27 bis 2012-03-27 )))))))))))))))))))))))))))))) . . 2012-03-27 18:22 . 2012-03-27 18:22 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-23 10:28 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-03-23 10:28 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-03-23 10:26 . 2012-03-23 10:26 -------- d-----w- c:\programme\iPod 2012-03-23 10:25 . 2012-03-23 10:28 -------- d-----w- c:\programme\iTunes 2012-03-23 10:25 . 2012-03-23 10:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-03-23 10:23 . 2012-03-23 10:23 -------- d-----w- c:\programme\Apple Software Update 2012-03-23 10:22 . 2012-03-23 10:22 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Apple Computer 2012-03-23 10:14 . 
2012-03-23 10:14 -------- d-----w- c:\programme\Bonjour 2012-03-23 09:56 . 2012-03-23 09:57 74967408 ----a-w- C:\iTunesSetup.exe 2012-03-23 09:47 . 2012-03-23 09:47 -------- d-----w- c:\programme\Ion Audio 2012-03-21 20:57 . 2012-03-21 20:57 -------- d-----w- C:\_OTL 2012-03-19 17:35 . 2012-03-19 17:35 -------- d-----w- c:\dokumente und einstellungen\Mone\Anwendungsdaten\Avira 2012-03-19 17:27 . 2012-01-31 07:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-03-19 17:27 . 2012-01-31 07:56 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-03-19 17:27 . 2011-09-16 15:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-03-19 17:26 . 2012-03-19 17:26 -------- d-----w- c:\programme\Avira 2012-03-19 17:26 . 2012-03-19 17:26 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2012-03-18 22:07 . 2012-03-18 22:08 87227952 ----a-w- C:\avira_free_antivirus_de1200898.exe 2012-03-18 22:05 . 2012-03-18 22:05 12038144 ----a-w- C:\Ad-Aware_9.6_Install.exe 2012-03-18 09:27 . 2012-03-18 09:27 592824 ----a-w- c:\programme\Mozilla Firefox\gkmedias.dll 2012-03-18 09:27 . 2012-03-18 09:27 44472 ----a-w- c:\programme\Mozilla Firefox\mozglue.dll 2012-03-14 23:04 . 2012-03-14 23:04 -------- d-----w- c:\dokumente und einstellungen\Mone\Anwendungsdaten\Malwarebytes 2012-03-14 23:04 . 2012-03-14 23:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-03-14 23:04 . 2012-03-14 23:31 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-03-14 23:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-08 01:19 . 2012-03-08 01:19 -------- d-----w- c:\programme\Recuva 2012-02-29 15:42 . 2012-02-29 15:42 -------- d-----w- c:\programme\PhotoZoom Pro 4 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-27 17:44 . 2012-03-27 17:44 2048299 ----a-w- C:\tdsskiller.zip 2012-03-14 14:57 . 
2011-06-10 12:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-03 09:57 . 2006-02-28 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-13 10:01 . 2012-01-13 10:00 66566416 ----a-w- C:\FreeStudio.exe 2012-01-13 09:57 . 2012-01-13 09:57 19850888 ----a-w- C:\FreeVideoToMP3Converter504.exe 2012-01-12 09:00 . 2012-01-12 09:00 883840 ----a-w- C:\Avira-DE-Cleaner.exe 2012-01-11 19:06 . 2012-02-15 10:38 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2010-04-21 09:58 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-01-05 09:38 . 2012-01-05 09:38 4629040 ----a-w- C:\MyPhoneExplorer_Setup_1.8.2-uni.exe 2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl 2012-03-18 09:27 . 2012-01-15 14:11 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888] "LWS"="c:\programme\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512] "APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-06 421736] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= . 
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.10.2010 00:09 691696] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.03.2012 19:27 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.03.2012 19:27 86224] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [15.03.2012 01:04 652360] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.03.2012 01:04 20464] S1 MpKsl1f947b4b;MpKsl1f947b4b;\??\c:\windows\system32\MpEngineStore\MpKsl1f947b4b.sys --> c:\windows\system32\MpEngineStore\MpKsl1f947b4b.sys [?] S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.07.2011 00:21 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.04.2010 12:20 1691480] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [14.07.2010 12:52 13224] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.07.2011 00:21 136176] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [14.07.2010 12:17 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [14.07.2010 12:17 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [14.07.2010 12:17 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [14.07.2010 12:17 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [14.07.2010 12:17 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [14.07.2010 12:17 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [14.07.2010 12:17 109864] S3 s115bus;Sony Ericsson Device 115 driver 
(WDM);c:\windows\system32\drivers\s115bus.sys [24.12.2011 02:19 83208] S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [24.12.2011 02:19 15112] S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [24.12.2011 02:19 108680] S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [24.12.2011 02:19 100488] S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [24.12.2011 02:19 98568] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 31931476 *Deregistered* - 31931476 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-07-17 22:20] . 2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-07-17 22:20] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\dokumente und einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\dokumente und einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.payback.de/pb/id/105532/?s_ixcid=11_300_102# . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe AddRemove-Free Audio CD Burner_is1 - c:\programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Free Audio Converter_is1 - c:\programme\DVDVideoSoft\Free Audio Converter\unins000.exe AddRemove-Free YouTube Download_is1 - c:\programme\DVDVideoSoft\Free YouTube Download\unins000.exe AddRemove-Free YouTube to MP3 Converter_is1 - c:\programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins001.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-03-27 23:58 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Zeit der Fertigstellung: 2012-03-28 00:02:28 ComboFix-quarantined-files.txt 2012-03-27 22:02 . Vor Suchlauf: 14 Verzeichnis(se), 43.780.169.728 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 43.868.606.464 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - C06AD9B1DA0A3C1603388FA09DA17C9A
Are the nasty Trojans gone now? Regards
28.03.2012, 11:31 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojan & Windows Security Center Trojan Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false positive on OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags
01.04.2012, 20:56 | #21
| Gema Trojan & Windows Security Center Trojan OSAM logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:56:12 on 01.04.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 11.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl "QuickTime" - "Apple Inc." 
- C:\Programme\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a844jgqb" (a844jgqb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a844jgqb.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Mone\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MpKsl1f947b4b" (MpKsl1f947b4b) - ? - C:\WINDOWS\system32\MpEngineStore\MpKsl1f947b4b.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Mone\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LWS" - "Logitech Inc." - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe -hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 21:56:55
-----------------------------
21:56:55.328 OS Version: Windows 5.1.2600 Service Pack 3
21:56:55.328 Number of processors: 2 586 0x170A
21:56:55.328 ComputerName: PUPPSIE UserName: Mone
21:56:57.125 Initialize success
21:59:07.734 AVAST engine defs: 12040101
21:59:35.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:59:35.078 Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
21:59:35.078 Disk 0 MBR read successfully
21:59:35.078 Disk 0 MBR scan
21:59:35.171 Disk 0 Windows XP default MBR code
21:59:35.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
21:59:35.656 Disk 0 scanning sectors +156280320
21:59:35.890 Disk 0 scanning C:\WINDOWS\system32\drivers
22:00:14.453 Service scanning
22:01:22.250 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:01:34.578 Modules scanning
22:02:45.203 Disk 0 trace - called modules:
22:02:45.203 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spou.sys >>UNKNOWN [0x8a934938]<<
22:02:45.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]
22:02:45.203 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a8a2f18]
22:02:45.218 5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a8ec940]
22:02:48.906 AVAST engine scan C:\WINDOWS
22:03:37.359 AVAST engine scan C:\WINDOWS\system32
22:13:19.484 AVAST engine scan C:\WINDOWS\system32\drivers
22:14:03.171 AVAST engine scan C:\Dokumente und Einstellungen\Mone
22:33:34.859 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\MBR.dat"
22:33:34.906 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\aswMBR.txt"
Last edited by mobo6new (01.04.2012, 21:34) |
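As an added example that is not part of this thread (neither the poster's logs nor the helper's advice): a small Python triage script for the kind of output posted above. It parses OSAM-style "[Drivers]" lines, ranks them by the scanner's own annotations (hidden registry entry, file not found, file locked, no vendor), and pulls the ">>UNKNOWN [addr]<<" hook addresses out of an aswMBR disk trace line. The sample lines are constructed and modelled on a handful of entries from the log (not the full log); the severity scale, the KNOWN_TOOL_LEFTOVERS set and all function names are my own assumptions.

```python
import re

# Constructed sample lines, modelled on a few entries of the OSAM "[Drivers]"
# section posted above (an excerpt, not the full log). The trailing text in
# parentheses is the scanner's own annotation for the entry.
SAMPLE_DRIVERS = [
    r'"a844jgqb" (a844jgqb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a844jgqb.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)',
    r'"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys',
    r'"catchme" (catchme) - ? - C:\DOKUME~1\Mone\LOKALE~1\Temp\catchme.sys (File not found)',
    r'"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)',
    r'"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)',
    r'"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)',
]

# Constructed line modelled on the aswMBR "Disk 0 trace - called modules" output above.
SAMPLE_TRACE = ("ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll "
                "atapi.sys spou.sys >>UNKNOWN [0x8a934938]<<")

# One OSAM line: "display name" (service key) - "vendor"|? - path [ (flag | flag) ]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<key>[^)]*)\) - '
    r'(?P<vendor>"[^"]*"|\?) - '
    r'(?P<path>.*?)(?: \((?P<flags>[^)]*)\))?$'
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")

# Assumption: service keys left behind by the removal tools run in this thread
# (catchme.sys is GMER's scanner driver, C:\ComboFix\mbr.sys is ComboFix's MBR
# scanner). Their "File not found" entries are not evidence of infection.
KNOWN_TOOL_LEFTOVERS = {"catchme", "mbr"}


def parse_entry(line):
    """Split one driver line into its fields; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    vendor = m.group("vendor").strip('"')
    flags = m.group("flags")
    return {
        "name": m.group("name"),
        "key": m.group("key"),
        "vendor": None if vendor == "?" else vendor,
        "path": m.group("path"),
        "flags": [f.strip() for f in flags.split("|")] if flags else [],
    }


def classify(entry):
    """Rank a parsed entry: 3 = investigate first, 0 = nothing to do."""
    flags = " | ".join(entry["flags"])
    if entry["key"].lower() in KNOWN_TOOL_LEFTOVERS:
        return 0, "leftover service key of a scanner/removal tool"
    if "Hidden registry entry" in flags and "File not found" not in flags:
        return 3, "service key hidden from the registry API and driver file present"
    if "Hidden registry entry" in flags:
        return 2, "hidden service key but no driver file on disk"
    if "exclusively opened" in flags:
        return 2, "driver file locked, scanners cannot read it"
    if "File not found" in flags:
        return 1, "orphaned service key, driver file missing"
    if entry["vendor"] is None:
        return 2, "driver file present but no vendor information"
    return 0, "vendor known, file present, no scanner flags"


def triage(lines):
    """Return (severity, key, reason) for every flagged entry, worst first."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        severity, reason = classify(entry)
        if severity > 0:
            findings.append((severity, entry["key"], reason))
    return sorted(findings, key=lambda f: -f[0])


def find_unknown_modules(trace_line):
    """Addresses in the disk I/O trace that belong to no loaded module image."""
    return UNKNOWN_RE.findall(trace_line)


if __name__ == "__main__":
    for severity, key, reason in triage(SAMPLE_DRIVERS):
        print(f"[{severity}] {key}: {reason}")
    for addr in find_unknown_modules(SAMPLE_TRACE):
        print(f"[3] disk trace: hook at {addr} belongs to no known module")
```

The script only ranks what the scanner itself annotated; it verifies nothing on disk. Before reading a hidden, randomly named driver as an infection, cross-check it against the tools that were run earlier in this thread, since TDSSKiller, GMER and ComboFix each load their own kernel drivers and leave service entries behind (catchme.sys and C:\ComboFix\mbr.sys are two such entries visible in the log itself), and confirm a "File signed by Microsoft" claim independently, for example with Sysinternals sigcheck on a copy of the file taken from a clean system. The sptd.sys lock is the normal behaviour of the Duplex Secure SPTD driver shipped with DAEMON Tools and Alcohol 120%, which is also why aswMBR reports that service as **LOCKED**.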
02.04.2012, 11:20 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojaner & Windows Security Center Trojaner GMER didn't work? If so, a short note on why you didn't post the log would have been nice.
__________________ Please always post logfiles in CODE tags |
02.04.2012, 15:04 | #23 |
| Gema Trojaner & Windows Security Center Trojaner Hello, sorry, that slipped my mind. GMER unfortunately didn't work. Regards |
02.04.2012, 15:38 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Gema Trojaner & Windows Security Center Trojaner Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
25.04.2012, 22:01 | #25 |
| Gema Trojaner & Windows Security Center Trojaner Hi Arne, sorry I haven't been in touch for so long. Unfortunately my computer is complete junk, I had to get a new one. Thank you very much for the help. Have a nice evening. |