Pests of all kinds and how to fight them: On download... waiting for www.google.com - in Firefox
22.03.2012, 19:54 | #1 |
| On download... waiting for www.google.com - in Firefox Hello, who can help me, please? An acquaintance of mine has (once again) a PC problem: when she wants to download something in the browser she uses, "waiting for www.google.com" appears at the bottom left (no matter which hoster you want to download from). If you move the mouse towards this message, it jumps to the right; if you go there, it jumps back to the left... I have already looked around on the Internet, but haven't really found a solution yet. If someone could give me a hint, that would be really great. Thanks! CU Semaphore |
22.03.2012, 20:01 | #2 |
/// Malware-holic | On download... waiting for www.google.com - in Firefox
hi
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
22.03.2012, 20:05 | #3 |
| On download... waiting for www.google.com - in Firefox OK, thanks, I didn't think the answer would come that quickly!!! =) I'll be at her place on Saturday and will post it then...
__________________ |
22.03.2012, 20:10 | #4 |
/// Malware-holic | On download... waiting for www.google.com - in Firefox Well, answers are given as quickly as possible; right now there's a bit of breathing room, so it goes faster too :-)
24.03.2012, 17:44 | #5 |
| On download... waiting for www.google.com - in Firefox There we go, I've got it! Asking for your help, Markus! Extras.txt: OTL Logfile: Code:
OTL Extras logfile created on: 24.03.2012 16:05:14 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Terrorpc\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1015,44 Mb Total Physical Memory | 682,22 Mb Available Physical Memory | 67,18% Memory free
2,39 Gb Paging File | 2,07 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 9,49 Gb Free Space | 32,39% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 7,92 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive G: | 7,48 Gb Total Space | 2,53 Gb Free Space | 33,87% Space Free | Partition Type: FAT32

Computer Name: CHAOSPC | User Name: Terrorpc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\temp\Installer.exe" = C:\WINDOWS\temp\Installer.exe:*:Enabled:Breitband-Internet-Installation -- (mquadr.at software engineering & consulting GmbH - Web: hxxp://www.mquadr.at - Mail: office@mquadr.at)
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:Controller -- (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{93B12A27-25B5-4A0C-9601-CDF7FE495E12}_is1" = Tetris Unlimited 0.5.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{C7E1449D-7638-6832-426D-589655951031}" = Nero 7 Demo
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Controller" = Controller
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Patiencen150_2" = Patiencen150_2
"Spyware Doctor" = Spyware Doctor 8.0
"TeamViewer 7" = TeamViewer 7
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OnlineFestplatte" = aon Online Festplatte (entfernen)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.02.2012 03:12:24 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1324) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 18.02.2012 04:11:38 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1324) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 20.02.2012 02:21:32 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1324) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 26.02.2012 04:09:46 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 29.02.2012 03:25:36 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 07.03.2012 02:59:11 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 08.03.2012 10:02:44 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 09.03.2012 00:49:22 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 09.03.2012 04:45:36 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 10.03.2012 00:52:06 | Computer Name = CHAOSPC | Source = ESENT | ID = 490
Description = svchost (1316) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

[ System Events ]
Error - 17.03.2012 11:19:12 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL

Error - 17.03.2012 11:19:14 | Computer Name = CHAOSPC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17.03.2012 11:22:36 | Computer Name = CHAOSPC | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17.03.2012 11:28:35 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

Error - 17.03.2012 11:47:35 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

Error - 18.03.2012 03:35:28 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

Error - 19.03.2012 02:37:00 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

Error - 20.03.2012 06:07:31 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

Error - 22.03.2012 03:12:20 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

Error - 24.03.2012 11:04:11 | Computer Name = CHAOSPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460

< End of report >

OTL.txt: OTL Logfile: Code:
OTL logfile created on: 24.03.2012 16:05:14 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Dokumente und Einstellungen\Terrorpc\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1015,44 Mb Total Physical Memory | 682,22 Mb Available Physical Memory | 67,18% Memory free
2,39 Gb Paging File | 2,07 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 9,49 Gb Free Space | 32,39% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 7,92 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive G: | 7,48 Gb Total Space | 2,53 Gb Free Space | 33,87% Space Free | Partition Type: FAT32

Computer Name: CHAOSPC | User Name: Terrorpc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.22 20:09:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Terrorpc\Desktop\OTL.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.14 12:59:19 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2011.12.14 12:41:55 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.07.28 08:45:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.04.08 11:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.23 05:47:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 05:46:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.01.25 14:26:00 | 000,253,976 | ---- | M] (Telekom Austria TA AG) -- C:\Programme\aon\OnlineFestplatte\OnlineFestplatte.exe
PRC - [2005.10.28 15:25:44 | 000,094,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.07.30 08:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR1\RarExt.dll
MOD - [2010.01.28 12:59:50 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.04.16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2004.08.03 23:57:26 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.28 08:45:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011.11.11 15:24:56 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.07.28 08:45:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.28 08:45:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.07.16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 15:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005.04.05 15:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://suche.aon.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.telekom.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://google.at/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.22 16:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.03 13:26:53 | 000,000,000 | ---D | M]

[2011.07.27 11:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Terrorpc\Anwendungsdaten\Mozilla\Extensions
[2012.01.06 13:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Terrorpc\Anwendungsdaten\Mozilla\Firefox\Profiles\rrcp37ph.default\extensions
[2012.03.22 16:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TERRORPC\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RRCP37PH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\TERRORPC\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\RRCP37PH.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2011.08.03 13:26:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.08.03 13:26:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.16 06:31:36 | 000,001,395 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [OnlineFestplatte] C:\Programme\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Terrorpc\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2622376-BCE9-4045-B82E-66ABE30D0677}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Terrorpc\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Terrorpc\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.11 08:49:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Terrorpc^Startmenü^Programme^Autostart^0.17188349158909133h7i.exe.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und
Einstellungen^Terrorpc^Startmenü^Programme^Autostart^0.40233904012245303.exe.lnk - - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.24 16:03:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Terrorpc\Desktop\OTL.exe [2012.03.01 14:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Terrorpc\Desktop\bilder [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.24 15:58:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.24 15:58:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.22 20:09:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Terrorpc\Desktop\OTL.exe [2012.03.22 16:58:53 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk [2012.03.17 16:48:21 | 001,700,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Terrorpc\Desktop\Desktophintergrund.odt [2012.03.17 16:27:51 | 000,316,924 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.03.17 16:27:51 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.03.17 16:27:51 | 000,048,354 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.03.17 16:27:51 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.03.17 16:24:03 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2012.03.16 06:31:36 | 000,001,395 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2012.03.22 16:58:53 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Mozilla Firefox.lnk [2012.03.22 16:58:53 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk [2012.03.17 16:48:17 | 001,700,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Terrorpc\Desktop\Desktophintergrund.odt [2011.12.09 05:53:54 | 000,016,088 | -HS- | C] () -- C:\Dokumente und Einstellungen\Terrorpc\Lokale Einstellungen\Anwendungsdaten\g5200juq3snssb4v8khrt380o886ryt [2011.12.09 05:53:54 | 000,016,088 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\g5200juq3snssb4v8khrt380o886ryt [2011.09.25 12:15:18 | 000,004,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Terrorpc\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.18 13:32:19 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011.08.02 11:54:45 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011.08.02 10:50:47 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.08.02 10:50:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.07.31 16:13:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011.07.27 11:52:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2011.07.27 11:49:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.07.27 11:48:13 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.07.27 11:35:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.07.27 11:10:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll [2011.07.27 10:54:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.07.27 10:47:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== LOP Check ========== [2011.12.11 13:52:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users.WINDOWS\Anwendungsdaten\iK02401PfOpH02401 [2011.07.27 11:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\m2backup [2011.07.27 11:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\mquadr.at [2011.08.02 11:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\ScanSoft [2011.12.11 14:17:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP [2011.07.27 11:27:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{783529ED-FB56-4E47-9A20-F9C23D22C2D0} [2011.07.27 11:29:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{8AF9D3CF-B9B5-4F8E-B47F-D26DF984D190} [2011.07.27 11:28:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14} [2011.07.27 11:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Terrorpc\Anwendungsdaten\mquadr.at [2011.07.31 14:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Terrorpc\Anwendungsdaten\OpenOffice.org [2011.12.27 13:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Terrorpc\Anwendungsdaten\TeamViewer [2011.12.11 15:21:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Terrorpc\Anwendungsdaten\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2010.10.10 14:23:29 | 000,000,000 | -H-D | M] -- C:\$AVG8.VAULT$ [2011.12.11 13:23:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2012.03.18 09:18:36 | 000,000,000 | ---D | M] -- C:\Foto [2011.07.27 11:26:55 | 000,000,000 | ---D | M] -- C:\HP dc7100 [2009.09.20 16:00:57 | 000,000,000 | ---D | M] -- C:\kav [2009.09.11 10:16:45 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.01.03 17:03:29 | 000,000,000 | R--D | M] -- C:\Programme [2008.04.14 06:51:54 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2012.03.17 16:20:06 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011.01.16 17:47:48 | 000,000,000 | ---D | M] -- C:\sh4ldr [2011.11.13 19:30:38 | 000,000,000 | ---D | M] -- C:\sirup und gelee [2011.07.27 11:27:39 | 000,000,000 | ---D | M] -- C:\SOFTWARE (free) [2011.07.27 11:24:09 | 000,000,000 | ---D | M] -- C:\swsetup [2012.03.21 18:53:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.11 16:50:16 | 000,000,000 | ---D | M] -- C:\test [2011.12.27 17:25:16 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: NETLOGON.DLL > [2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) 
MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll [2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 11:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2011.07.27 12:47:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2011.07.27 12:47:28 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2011.07.27 12:47:28 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < 
%USERPROFILE%\*.* > [2011.07.31 16:20:01 | 000,000,141 | ---- | M] () -- C:\Dokumente und Einstellungen\Terrorpc\default.pls [2012.03.22 17:09:20 | 003,145,728 | -H-- | M] () -- C:\Dokumente und Einstellungen\Terrorpc\NTUSER.DAT [2012.03.24 16:10:33 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Terrorpc\ntuser.dat.LOG [2012.03.22 17:09:07 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Terrorpc\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2004.08.03 23:46:24 | 001,836,032 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 171 bytes -> C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > DANKEEEEEEEEEEEE |
24.03.2012, 18:32 | #6 |
/// Malware-holic | On download....waiting for www.google.com- in Firefox
Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and make sure to save it to your desktop. |
24.03.2012, 20:27 | #7 |
| On download....waiting for www.google.com- in Firefox I'll do that tomorrow, thanks! |
26.03.2012, 17:16 | #8 |
| On download....waiting for www.google.com- in Firefox Combofix log file: Code:
ComboFix 12-03-22.01 - Terrorpc 26.03.2012 17:56:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1015.674 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Terrorpc\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP
c:\programme\winrar1
c:\programme\winrar1\Default.SFX
c:\programme\winrar1\Descript.ion
c:\programme\winrar1\File_Id.diz
c:\programme\winrar1\Formats\7z.fmt
c:\programme\winrar1\Formats\7zxa.dll
c:\programme\winrar1\Formats\ace.fmt
c:\programme\winrar1\Formats\arj.fmt
c:\programme\winrar1\Formats\bz2.fmt
c:\programme\winrar1\Formats\cab.fmt
c:\programme\winrar1\Formats\gz.fmt
c:\programme\winrar1\Formats\iso.fmt
c:\programme\winrar1\Formats\lzh.fmt
c:\programme\winrar1\Formats\tar.fmt
c:\programme\winrar1\Formats\UNACEV2.DLL
c:\programme\winrar1\Formats\uue.fmt
c:\programme\winrar1\Formats\z.fmt
c:\programme\winrar1\License.txt
c:\programme\winrar1\Order.htm
c:\programme\winrar1\Rar.exe
c:\programme\winrar1\rar.lng
c:\programme\winrar1\Rar.txt
c:\programme\winrar1\RarExt.dll
c:\programme\winrar1\rarext.lng
c:\programme\winrar1\RarExt64.dll
c:\programme\winrar1\RarFiles.lst
c:\programme\winrar1\rarnew.dat
c:\programme\winrar1\ReadMe.txt
c:\programme\winrar1\TechNote.txt
c:\programme\winrar1\Uninstall.exe
c:\programme\winrar1\uninstall.lng
c:\programme\winrar1\Uninstall.lst
c:\programme\winrar1\UnRAR.exe
c:\programme\winrar1\UnrarSrc.txt
c:\programme\winrar1\WhatsNew.txt
c:\programme\winrar1\WinCon.SFX
c:\programme\winrar1\WinRAR.chm
c:\programme\winrar1\WinRAR.exe
c:\programme\winrar1\winrar.lng
c:\programme\winrar1\Zip.SFX
c:\programme\winrar1\zipnew.dat
C:\Recycle.Bin
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-26 bis 2012-03-26 ))))))))))))))))))))))))))))))
.
.
2012-03-21 07:17 . 2012-03-21 07:17 -------- d-----w- c:\dokumente und einstellungen\NetworkService.NT-AUTORITÄT\Anwendungsdaten\McAfee
2012-03-17 14:59 . 2012-03-17 14:59 -------- d-----w- c:\dokumente und einstellungen\Administrator.CHAOSPC\Anwendungsdaten\Avira
2012-03-17 14:59 . 2012-03-17 14:59 -------- d-----w- c:\dokumente und einstellungen\Administrator.CHAOSPC\Lokale Einstellungen\Anwendungsdaten\Ahead
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-13 04:38 . 2012-03-22 15:58 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnlineFestplatte"="c:\programme\aon\Onlinefestplatte\OnlineFestplatte.exe" [2008-01-25 253976]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\programme\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\dokumente und einstellungen\Terrorpc\Startmenü\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\dokumente und einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Terrorpc^Startmenü^Programme^Autostart^0.17188349158909133h7i.exe.lnk]
path=c:\dokumente und einstellungen\Terrorpc\Startmenü\Programme\Autostart\0.17188349158909133h7i.exe.lnk
backup=c:\windows\pss\0.17188349158909133h7i.exe.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Terrorpc^Startmenü^Programme^Autostart^0.40233904012245303.exe.lnk]
path=c:\dokumente und einstellungen\Terrorpc\Startmenü\Programme\Autostart\0.40233904012245303.exe.lnk
backup=c:\windows\pss\0.40233904012245303.exe.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\aon\\aonController\\aonController.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11.12.2011 14:31 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11.12.2011 14:31 338880]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.01.2011 16:57 136360]
R2 TeamViewer7;TeamViewer 7;c:\programme\TeamViewer\Version7\TeamViewer_Service.exe [27.12.2011 14:20 2984832]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [27.12.2011 14:20 25088]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\PC Tools Security\pctsAuxs.exe [11.12.2011 14:31 366840]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.telekom.at/
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\dokumente und einstellungen\Terrorpc\Anwendungsdaten\Mozilla\Firefox\Profiles\rrcp37ph.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-WinRAR archiver - c:\programme\WinRAR1\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-26 18:03
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(920)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
.
Zeit der Fertigstellung: 2012-03-26 18:05:43
ComboFix-quarantined-files.txt 2012-03-26 16:05
.
Vor Suchlauf: 12 Verzeichnis(se), 10.455.142.400 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 11.602.952.192 Bytes frei
.
- - End Of File - - 33CD0C14FE2A3D40983D76FA42C974EE |
26.03.2012, 17:21 | #9 |
/// Malware-holic | On download....waiting for www.google.com- in Firefox
Use TDSS Killer, please post the log: http://www.trojaner-board.de/82358-t...entfernen.html |
26.03.2012, 17:28 | #10 |
| On download....waiting for www.google.com- in Firefox Virus.Win32.Winloader.a Cure, Copy to Quarantine Skip????
18:26:38.0828 3944 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:26:39.0015 3944 ============================================================
18:26:39.0015 3944 Current date / time: 2012/03/26 18:26:39.0015
18:26:39.0015 3944 SystemInfo:
18:26:39.0015 3944
18:26:39.0015 3944 OS Version: 5.1.2600 ServicePack: 2.0
18:26:39.0015 3944 Product type: Workstation
18:26:39.0015 3944 ComputerName: CHAOSPC
18:26:39.0015 3944 UserName: Terrorpc
18:26:39.0015 3944 Windows directory: C:\WINDOWS
18:26:39.0015 3944 System windows directory: C:\WINDOWS
18:26:39.0015 3944 Processor architecture: Intel x86
18:26:39.0015 3944 Number of processors: 1
18:26:39.0015 3944 Page size: 0x1000
18:26:39.0015 3944 Boot type: Normal boot
18:26:39.0015 3944 ============================================================
18:26:40.0265 3944 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:26:40.0359 3944 \Device\Harddisk0\DR0:
18:26:40.0359 3944 MBR used
18:26:40.0359 3944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
18:26:40.0375 3944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xFEEFD1
18:26:40.0453 3944 Initialize success
18:26:40.0453 3944 ============================================================
18:26:43.0203 3988 ============================================================
18:26:43.0203 3988 Scan started
18:26:43.0203 3988 Mode: Manual;
18:26:43.0203 3988 ============================================================
18:26:43.0781 3988 Abiosdsk - ok
18:26:43.0796 3988 abp480n5 - ok
18:26:43.0843 3988 ACPI (7c8e7b37a15b6fbbc46c44cb9271712e) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:26:43.0843 3988 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 7c8e7b37a15b6fbbc46c44cb9271712e, Fake md5: 94b4741d2cf9ed38140b831293d1601a
18:26:43.0843 3988 ACPI ( Virus.Win32.Rloader.a ) - infected
18:26:43.0843 3988 ACPI - detected Virus.Win32.Rloader.a (0)
18:26:43.0984 3988 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:26:43.0984 3988 ACPIEC - ok
18:26:44.0062 3988 adpu160m - ok
18:26:44.0109 3988 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
18:26:44.0109 3988 aeaudio - ok
18:26:44.0156 3988 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
18:26:44.0156 3988 aec - ok
18:26:44.0281 3988 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
18:26:44.0281 3988 AFD - ok
18:26:44.0296 3988 Aha154x - ok
18:26:44.0328 3988 aic78u2 - ok
18:26:44.0343 3988 aic78xx - ok
18:26:44.0375 3988 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
18:26:44.0375 3988 Alerter - ok
18:26:44.0515 3988 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
18:26:44.0515 3988 ALG - ok
18:26:44.0546 3988 AliIde - ok
18:26:44.0578 3988 amsint - ok
18:26:44.0656 3988 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:26:44.0656 3988 AntiVirSchedulerService - ok
18:26:44.0703 3988 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
18:26:44.0703 3988 AntiVirService - ok
18:26:44.0796 3988 AppMgmt (becd5328e7869807d6557be4fe60c72f) C:\WINDOWS\System32\appmgmts.dll
18:26:44.0796 3988 AppMgmt - ok
18:26:45.0078 3988 asc - ok
18:26:45.0140 3988 asc3350p - ok
18:26:45.0156 3988 asc3550 - ok
18:26:45.0187 3988 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:26:45.0187 3988 AsyncMac - ok
18:26:45.0281 3988 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:26:45.0281 3988 atapi - ok
18:26:45.0359 3988 Atdisk - ok
18:26:45.0406 3988 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:26:45.0406 3988 Atmarpc - ok
18:26:45.0484 3988 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
18:26:45.0484 3988 AudioSrv - ok
18:26:45.0578 3988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:26:45.0578 3988 audstub - ok
18:26:45.0640 3988 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
18:26:45.0640 3988 avgio - ok
18:26:45.0734 3988 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:26:45.0734 3988 avgntflt - ok
18:26:45.0781 3988 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:26:45.0781 3988 avipbb - ok
18:26:45.0953 3988 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:26:45.0953 3988 b57w2k - ok
18:26:46.0046 3988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:26:46.0046 3988 Beep - ok
18:26:46.0093 3988 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
18:26:46.0140 3988 BITS - ok
18:26:46.0218 3988 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
18:26:46.0218 3988 Browser - ok
18:26:46.0265 3988 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
18:26:46.0265 3988 BrScnUsb - ok
18:26:46.0343 3988 catchme - ok
18:26:46.0437 3988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:26:46.0437 3988 cbidf2k - ok
18:26:46.0453 3988 cd20xrnt - ok
18:26:46.0515 3988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:26:46.0515 3988 Cdaudio - ok
18:26:46.0640 3988 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
18:26:46.0640 3988 Cdfs - ok
18:26:46.0703 3988 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:26:46.0703 3988 Cdrom - ok
18:26:46.0781 3988 Changer - ok
18:26:46.0812 3988 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
18:26:46.0812 3988 CiSvc - ok
18:26:46.0937 3988 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
18:26:46.0937 3988 ClipSrv - ok
18:26:46.0984 3988 CmdIde - ok
18:26:47.0046 3988 COMSysApp - ok
18:26:47.0140 3988 Cpqarray - ok
18:26:47.0203 3988 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
18:26:47.0203 3988 CryptSvc - ok
18:26:47.0281 3988 dac2w2k - ok
18:26:47.0359 3988 dac960nt - ok
18:26:47.0406 3988 DcomLaunch (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll
18:26:47.0421 3988 DcomLaunch - ok
18:26:47.0468 3988 Dhcp (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll
18:26:47.0468 3988 Dhcp - ok
18:26:47.0562 3988 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
18:26:47.0578 3988 Disk - ok
18:26:47.0593 3988 dmadmin - ok
18:26:47.0750 3988 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
18:26:47.0781 3988 dmboot - ok
18:26:47.0890 3988 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
18:26:47.0890 3988 dmio - ok
18:26:48.0031 3988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:26:48.0031 3988 dmload - ok
18:26:48.0078 3988 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
18:26:48.0078 3988 dmserver - ok
18:26:48.0187 3988 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
18:26:48.0187 3988 DMusic - ok
18:26:48.0250 3988 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll
18:26:48.0250 3988 Dnscache - ok
18:26:48.0328 3988 dpti2o - ok
18:26:48.0375 3988 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
18:26:48.0390 3988 drmkaud - ok
18:26:48.0484 3988 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
18:26:48.0484 3988 ERSvc - ok
18:26:48.0531 3988 Eventlog (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe
18:26:48.0546 3988 Eventlog - ok
18:26:48.0656 3988 EventSystem (4e1a8645ee77cb9454ffe53c59620a25) C:\WINDOWS\system32\es.dll
18:26:48.0656 3988 EventSystem - ok
18:26:48.0703 3988 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
18:26:48.0703 3988 Fastfat - ok
18:26:48.0812 3988 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
18:26:48.0812 3988 FastUserSwitchingCompatibility - ok
18:26:48.0859 3988 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:26:48.0859 3988 Fdc - ok
18:26:49.0000 3988 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
18:26:49.0000 3988 Fips - ok
18:26:49.0046 3988 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:26:49.0046 3988 Flpydisk - ok
18:26:49.0156 3988 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:26:49.0156 3988 FltMgr - ok
18:26:49.0234 3988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:26:49.0234 3988 Fs_Rec - ok
18:26:49.0328 3988 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:26:49.0328 3988 Ftdisk - ok
18:26:49.0390 3988 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:26:49.0390 3988 Gpc - ok
18:26:49.0468 3988 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:26:49.0468 3988 helpsvc - ok
18:26:49.0515 3988 HidServ - ok
18:26:49.0578 3988 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:26:49.0578 3988 hidusb - ok
18:26:49.0656 3988 hpn - ok
18:26:49.0687 3988 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
18:26:49.0703 3988 HTTP - ok
18:26:49.0781 3988 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
18:26:49.0781 3988 HTTPFilter - ok
18:26:49.0828 3988 i2omgmt - ok
18:26:49.0843 3988 i2omp - ok
18:26:49.0875 3988 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:26:49.0875 3988 i8042prt - ok
18:26:50.0031 3988 ialm (4007984827e19e6a5b6faf8532eaefba) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:26:50.0046 3988 ialm - ok
18:26:50.0218 3988 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:26:50.0218 3988 Imapi - ok
18:26:50.0265 3988 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
18:26:50.0265 3988 ImapiService - ok
18:26:50.0343 3988 InCDFs - ok
18:26:50.0375 3988 InCDPass - ok
18:26:50.0390 3988 InCDRm - ok
18:26:50.0406 3988 ini910u - ok
18:26:50.0453 3988 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:26:50.0453 3988 IntelIde - ok
18:26:50.0562 3988 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:26:50.0578 3988 intelppm - ok
18:26:50.0593 3988 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:26:50.0609 3988 Ip6Fw - ok
18:26:50.0703 3988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:26:50.0703 3988 IpFilterDriver - ok
18:26:50.0750 3988 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:26:50.0750 3988 IpInIp - ok
18:26:50.0828 3988 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:26:50.0828 3988 IpNat - ok
18:26:50.0875 3988 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:26:50.0875 3988 IPSec - ok
18:26:51.0015 3988 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:26:51.0015 3988 IRENUM - ok
18:26:51.0078 3988 isapnp
(ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:26:51.0093 3988 isapnp - ok 18:26:51.0218 3988 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Programme\Java\jre6\bin\jqs.exe 18:26:51.0218 3988 JavaQuickStarterService - ok 18:26:51.0296 3988 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:26:51.0296 3988 Kbdclass - ok 18:26:51.0343 3988 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 18:26:51.0359 3988 kmixer - ok 18:26:51.0453 3988 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 18:26:51.0468 3988 KSecDD - ok 18:26:51.0500 3988 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll 18:26:51.0500 3988 lanmanserver - ok 18:26:51.0609 3988 lanmanworkstation (36d74668f5448d55887fa3958488dc06) C:\WINDOWS\System32\wkssvc.dll 18:26:51.0609 3988 lanmanworkstation - ok 18:26:51.0656 3988 lbrtfdc - ok 18:26:51.0765 3988 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll 18:26:51.0765 3988 LmHosts - ok 18:26:51.0890 3988 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe 18:26:51.0906 3988 McComponentHostService - ok 18:26:52.0031 3988 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll 18:26:52.0031 3988 Messenger - ok 18:26:52.0125 3988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:26:52.0125 3988 mnmdd - ok 18:26:52.0218 3988 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe 18:26:52.0218 3988 mnmsrvc - ok 18:26:52.0281 3988 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 18:26:52.0281 3988 Modem - ok 18:26:52.0375 3988 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:26:52.0375 3988 Mouclass - ok 18:26:52.0421 3988 mouhid (66a6f73c74e1791464160a7065ce711a) 
C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:26:52.0421 3988 mouhid - ok 18:26:52.0500 3988 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 18:26:52.0500 3988 MountMgr - ok 18:26:52.0546 3988 mraid35x - ok 18:26:52.0578 3988 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:26:52.0593 3988 MRxDAV - ok 18:26:52.0687 3988 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:26:52.0703 3988 MRxSmb - ok 18:26:52.0750 3988 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe 18:26:52.0750 3988 MSDTC - ok 18:26:52.0859 3988 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 18:26:52.0859 3988 Msfs - ok 18:26:52.0859 3988 MSIServer - ok 18:26:52.0921 3988 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:26:52.0968 3988 MSKSSRV - ok 18:26:53.0078 3988 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:26:53.0078 3988 MSPCLOCK - ok 18:26:53.0125 3988 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 18:26:53.0125 3988 MSPQM - ok 18:26:53.0218 3988 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:26:53.0218 3988 mssmbios - ok 18:26:53.0265 3988 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 18:26:53.0265 3988 Mup - ok 18:26:53.0390 3988 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 18:26:53.0390 3988 NDIS - ok 18:26:53.0437 3988 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:26:53.0437 3988 NdisTapi - ok 18:26:53.0531 3988 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:26:53.0531 3988 Ndisuio - ok 18:26:53.0609 3988 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:26:53.0625 3988 NdisWan - ok 18:26:53.0687 3988 NDProxy 
(59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 18:26:53.0687 3988 NDProxy - ok 18:26:53.0750 3988 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:26:53.0750 3988 NetBIOS - ok 18:26:53.0859 3988 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:26:53.0875 3988 NetBT - ok 18:26:53.0906 3988 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 18:26:53.0921 3988 NetDDE - ok 18:26:53.0921 3988 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 18:26:53.0921 3988 NetDDEdsdm - ok 18:26:54.0031 3988 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:26:54.0031 3988 Netlogon - ok 18:26:54.0078 3988 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll 18:26:54.0078 3988 Netman - ok 18:26:54.0171 3988 Nla (b36e08f680bae4dfc5c24d00a2dfc9e7) C:\WINDOWS\System32\mswsock.dll 18:26:54.0187 3988 Nla - ok 18:26:54.0265 3988 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 18:26:54.0265 3988 Npfs - ok 18:26:54.0375 3988 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 18:26:54.0390 3988 Ntfs - ok 18:26:54.0484 3988 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:26:54.0484 3988 NtLmSsp - ok 18:26:54.0546 3988 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll 18:26:54.0562 3988 NtmsSvc - ok 18:26:54.0656 3988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:26:54.0656 3988 Null - ok 18:26:54.0703 3988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:26:54.0703 3988 NwlnkFlt - ok 18:26:54.0812 3988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:26:54.0812 3988 NwlnkFwd - ok 18:26:54.0875 3988 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys 
18:26:54.0875 3988 Parport - ok 18:26:54.0968 3988 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 18:26:54.0968 3988 PartMgr - ok 18:26:55.0015 3988 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 18:26:55.0015 3988 ParVdm - ok 18:26:55.0062 3988 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 18:26:55.0062 3988 PCI - ok 18:26:55.0140 3988 PCIDump - ok 18:26:55.0203 3988 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:26:55.0203 3988 PCIIde - ok 18:26:55.0296 3988 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:26:55.0296 3988 Pcmcia - ok 18:26:55.0421 3988 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys 18:26:55.0421 3988 PCTCore - ok 18:26:55.0468 3988 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys 18:26:55.0484 3988 pctDS - ok 18:26:55.0562 3988 PDCOMP - ok 18:26:55.0609 3988 PDFRAME - ok 18:26:55.0625 3988 PDRELI - ok 18:26:55.0640 3988 PDRFRAME - ok 18:26:55.0656 3988 perc2 - ok 18:26:55.0671 3988 perc2hib - ok 18:26:55.0750 3988 PlugPlay (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe 18:26:55.0750 3988 PlugPlay - ok 18:26:55.0890 3988 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:26:55.0890 3988 PolicyAgent - ok 18:26:55.0953 3988 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:26:55.0953 3988 PptpMiniport - ok 18:26:56.0046 3988 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:26:56.0046 3988 ProtectedStorage - ok 18:26:56.0156 3988 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 18:26:56.0156 3988 PSched - ok 18:26:56.0250 3988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:26:56.0250 3988 Ptilink - ok 18:26:56.0265 3988 
ql1080 - ok 18:26:56.0296 3988 Ql10wnt - ok 18:26:56.0312 3988 ql12160 - ok 18:26:56.0328 3988 ql1240 - ok 18:26:56.0328 3988 ql1280 - ok 18:26:56.0359 3988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:26:56.0375 3988 RasAcd - ok 18:26:56.0421 3988 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll 18:26:56.0421 3988 RasAuto - ok 18:26:56.0531 3988 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:26:56.0531 3988 Rasl2tp - ok 18:26:56.0609 3988 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll 18:26:56.0609 3988 RasMan - ok 18:26:56.0718 3988 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:26:56.0718 3988 RasPppoe - ok 18:26:56.0765 3988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:26:56.0765 3988 Raspti - ok 18:26:56.0890 3988 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:26:56.0906 3988 Rdbss - ok 18:26:57.0000 3988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:26:57.0000 3988 RDPCDD - ok 18:26:57.0062 3988 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:26:57.0062 3988 rdpdr - ok 18:26:57.0218 3988 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 18:26:57.0218 3988 RDPWD - ok 18:26:57.0328 3988 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe 18:26:57.0328 3988 RDSessMgr - ok 18:26:57.0390 3988 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:26:57.0390 3988 redbook - ok 18:26:57.0500 3988 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll 18:26:57.0500 3988 RemoteAccess - ok 18:26:57.0546 3988 RemoteRegistry (ae81cf7d7cfa79cd03e8fb99788a7e09) C:\WINDOWS\system32\regsvc.dll 18:26:57.0546 3988 RemoteRegistry - ok 18:26:57.0656 3988 
RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe 18:26:57.0656 3988 RpcLocator - ok 18:26:57.0718 3988 RpcSs (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\System32\rpcss.dll 18:26:57.0718 3988 RpcSs - ok 18:26:57.0812 3988 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 18:26:57.0828 3988 RSVP - ok 18:26:57.0859 3988 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:26:57.0859 3988 SamSs - ok 18:26:57.0968 3988 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe 18:26:57.0968 3988 SCardSvr - ok 18:26:58.0031 3988 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll 18:26:58.0031 3988 Schedule - ok 18:26:58.0109 3988 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Programme\PC Tools Security\pctsAuxs.exe 18:26:58.0171 3988 sdAuxService - ok 18:26:58.0234 3988 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) C:\Programme\PC Tools Security\pctsSvc.exe 18:26:58.0265 3988 sdCoreService - ok 18:26:58.0359 3988 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:26:58.0359 3988 Secdrv - ok 18:26:58.0421 3988 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll 18:26:58.0421 3988 seclogon - ok 18:26:58.0500 3988 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll 18:26:58.0500 3988 SENS - ok 18:26:58.0593 3988 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:26:58.0593 3988 serenum - ok 18:26:58.0703 3988 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys 18:26:58.0703 3988 Serial - ok 18:26:58.0750 3988 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:26:58.0750 3988 Sfloppy - ok 18:26:58.0812 3988 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll 18:26:58.0812 3988 SharedAccess - ok 18:26:58.0906 3988 ShellHWDetection 
(bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 18:26:58.0921 3988 ShellHWDetection - ok 18:26:58.0937 3988 Simbad - ok 18:26:59.0093 3988 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys 18:26:59.0109 3988 smwdm - ok 18:26:59.0187 3988 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 18:26:59.0187 3988 SoundMAX Agent Service (default) - ok 18:26:59.0265 3988 Sparrow - ok 18:26:59.0312 3988 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 18:26:59.0312 3988 splitter - ok 18:26:59.0343 3988 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe 18:26:59.0343 3988 Spooler - ok 18:26:59.0437 3988 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 18:26:59.0453 3988 sr - ok 18:26:59.0484 3988 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll 18:26:59.0484 3988 srservice - ok 18:26:59.0593 3988 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 18:26:59.0640 3988 Srv - ok 18:26:59.0734 3988 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll 18:26:59.0750 3988 SSDPSRV - ok 18:26:59.0828 3988 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:26:59.0828 3988 ssmdrv - ok 18:26:59.0937 3988 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll 18:26:59.0953 3988 stisvc - ok 18:27:00.0046 3988 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:27:00.0046 3988 swenum - ok 18:27:00.0140 3988 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 18:27:00.0140 3988 swmidi - ok 18:27:00.0187 3988 SwPrv - ok 18:27:00.0203 3988 symc810 - ok 18:27:00.0218 3988 symc8xx - ok 18:27:00.0234 3988 sym_hi - ok 18:27:00.0250 3988 sym_u3 - ok 18:27:00.0281 3988 sysaudio (650ad082d46bac0e64c9c0e0928492fd) 
C:\WINDOWS\system32\drivers\sysaudio.sys 18:27:00.0281 3988 sysaudio - ok 18:27:00.0375 3988 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe 18:27:00.0375 3988 SysmonLog - ok 18:27:00.0421 3988 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll 18:27:00.0421 3988 TapiSrv - ok 18:27:00.0515 3988 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:27:00.0531 3988 Tcpip - ok 18:27:00.0625 3988 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:27:00.0625 3988 TDPIPE - ok 18:27:00.0656 3988 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 18:27:00.0656 3988 TDTCP - ok 18:27:00.0906 3988 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe 18:27:00.0921 3988 TeamViewer7 - ok 18:27:01.0046 3988 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 18:27:01.0046 3988 teamviewervpn - ok 18:27:01.0078 3988 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:27:01.0093 3988 TermDD - ok 18:27:01.0187 3988 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll 18:27:01.0187 3988 TermService - ok 18:27:01.0234 3988 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 18:27:01.0250 3988 Themes - ok 18:27:01.0328 3988 TlntSvr (58708746b8267033e5cf2b29659e7f74) C:\WINDOWS\system32\tlntsvr.exe 18:27:01.0328 3988 TlntSvr - ok 18:27:01.0406 3988 TosIde - ok 18:27:01.0453 3988 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll 18:27:01.0453 3988 TrkWks - ok 18:27:01.0578 3988 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 18:27:01.0593 3988 Udfs - ok 18:27:01.0625 3988 ultra - ok 18:27:01.0671 3988 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 18:27:01.0671 3988 Update - ok 18:27:01.0796 
3988 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll 18:27:01.0796 3988 upnphost - ok 18:27:01.0890 3988 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe 18:27:01.0890 3988 UPS - ok 18:27:01.0968 3988 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:27:01.0968 3988 usbccgp - ok 18:27:02.0062 3988 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:27:02.0062 3988 usbehci - ok 18:27:02.0125 3988 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:27:02.0125 3988 usbhub - ok 18:27:02.0234 3988 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:27:02.0234 3988 usbprint - ok 18:27:02.0281 3988 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:27:02.0281 3988 usbstor - ok 18:27:02.0375 3988 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 18:27:02.0375 3988 usbuhci - ok 18:27:02.0406 3988 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 18:27:02.0421 3988 VgaSave - ok 18:27:02.0500 3988 ViaIde - ok 18:27:02.0546 3988 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 18:27:02.0546 3988 VolSnap - ok 18:27:02.0593 3988 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe 18:27:02.0609 3988 VSS - ok 18:27:02.0687 3988 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll 18:27:02.0687 3988 W32Time - ok 18:27:02.0750 3988 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:27:02.0750 3988 Wanarp - ok 18:27:02.0843 3988 WDICA - ok 18:27:02.0937 3988 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 18:27:02.0937 3988 wdmaud - ok 18:27:03.0031 3988 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll 18:27:03.0031 3988 WebClient - ok 
18:27:03.0109 3988 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:27:03.0109 3988 winmgmt - ok 18:27:03.0187 3988 WmdmPmSN (d68cc4ebf7b03fd770d5962295ad814e) C:\WINDOWS\system32\mspmsnsv.dll 18:27:03.0187 3988 WmdmPmSN - ok 18:27:03.0296 3988 Wmi (9cbb06e4438d6a0d52a46e0b44796d37) C:\WINDOWS\System32\advapi32.dll 18:27:03.0312 3988 Wmi - ok 18:27:03.0390 3988 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 18:27:03.0390 3988 WmiAcpi - ok 18:27:03.0484 3988 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:27:03.0484 3988 WmiApSrv - ok 18:27:03.0562 3988 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 18:27:03.0562 3988 WS2IFSL - ok 18:27:03.0640 3988 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll 18:27:03.0640 3988 wscsvc - ok 18:27:03.0718 3988 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll 18:27:03.0718 3988 wuauserv - ok 18:27:03.0796 3988 WZCSVC (eb52b74a5daadc2cca68b3e7d81007e6) C:\WINDOWS\System32\wzcsvc.dll 18:27:03.0812 3988 WZCSVC - ok 18:27:03.0953 3988 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll 18:27:03.0953 3988 xmlprov - ok 18:27:03.0984 3988 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 18:27:04.0125 3988 \Device\Harddisk0\DR0 - ok 18:27:04.0125 3988 Boot (0x1200) (fcc240d226e01033572f554bdcd67f18) \Device\Harddisk0\DR0\Partition0 18:27:04.0125 3988 \Device\Harddisk0\DR0\Partition0 - ok 18:27:04.0156 3988 Boot (0x1200) (c97c5f9c5adeb709bf39d5e19148b811) \Device\Harddisk0\DR0\Partition1 18:27:04.0156 3988 \Device\Harddisk0\DR0\Partition1 - ok 18:27:04.0218 3988 ============================================================ 18:27:04.0218 3988 Scan finished 18:27:04.0218 3988 ============================================================ 18:27:04.0250 3980 Detected object count: 1 18:27:04.0250 3980 Actual 
detected object count: 1 18:31:04.0328 3980 ACPI ( Virus.Win32.Rloader.a ) - skipped by user 18:31:04.0328 3980 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip |
26.03.2012, 17:43 | #11 |
/// Malware-holic | On download... waiting for www.google.com - in Firefox Please select "copy to quarantine", then reboot, and create and post a new TDSSKiller log.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
26.03.2012, 18:01 | #12 |
| On download... waiting for www.google.com - in Firefox
18:59:40.0171 3800 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:59:40.0312 3800 ============================================================
18:59:40.0312 3800 Current date / time: 2012/03/26 18:59:40.0312
18:59:40.0312 3800 SystemInfo:
18:59:40.0312 3800
18:59:40.0312 3800 OS Version: 5.1.2600 ServicePack: 2.0
18:59:40.0312 3800 Product type: Workstation
18:59:40.0312 3800 ComputerName: CHAOSPC
18:59:40.0312 3800 UserName: Terrorpc
18:59:40.0312 3800 Windows directory: C:\WINDOWS
18:59:40.0312 3800 System windows directory: C:\WINDOWS
18:59:40.0312 3800 Processor architecture: Intel x86
18:59:40.0312 3800 Number of processors: 1
18:59:40.0312 3800 Page size: 0x1000
18:59:40.0312 3800 Boot type: Normal boot
18:59:40.0312 3800 ============================================================
18:59:41.0984 3800 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:59:42.0062 3800 \Device\Harddisk0\DR0:
18:59:42.0062 3800 MBR used
18:59:42.0062 3800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A962B1
18:59:42.0093 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9632F, BlocksNum 0xFEEFD1
18:59:42.0171 3800 Initialize success
18:59:42.0171 3800 ============================================================
18:59:45.0500 3852 ============================================================
18:59:45.0500 3852 Scan started
18:59:45.0500 3852 Mode: Manual;
18:59:45.0500 3852 ============================================================
18:59:46.0093 3852 Abiosdsk - ok
18:59:46.0109 3852 abp480n5 - ok
18:59:46.0296 3852 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:59:46.0296 3852 ACPI - ok
3852 Kbdclass - ok 18:59:53.0984 3852 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 18:59:54.0015 3852 kmixer - ok 18:59:54.0093 3852 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 18:59:54.0125 3852 KSecDD - ok 18:59:54.0187 3852 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll 18:59:54.0203 3852 lanmanserver - ok 18:59:54.0281 3852 lanmanworkstation (36d74668f5448d55887fa3958488dc06) C:\WINDOWS\System32\wkssvc.dll 18:59:54.0281 3852 lanmanworkstation - ok 18:59:54.0343 3852 lbrtfdc - ok 18:59:54.0437 3852 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll 18:59:54.0437 3852 LmHosts - ok 18:59:54.0546 3852 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe 18:59:54.0578 3852 McComponentHostService - ok 18:59:54.0671 3852 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll 18:59:54.0687 3852 Messenger - ok 18:59:54.0734 3852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:59:54.0734 3852 mnmdd - ok 18:59:54.0828 3852 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe 18:59:54.0859 3852 mnmsrvc - ok 18:59:54.0906 3852 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 18:59:54.0921 3852 Modem - ok 18:59:55.0015 3852 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:59:55.0031 3852 Mouclass - ok 18:59:55.0093 3852 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:59:55.0109 3852 mouhid - ok 18:59:55.0171 3852 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 18:59:55.0187 3852 MountMgr - ok 18:59:55.0265 3852 mraid35x - ok 18:59:55.0312 3852 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:59:55.0359 3852 MRxDAV - ok 18:59:55.0484 3852 
MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:59:55.0515 3852 MRxSmb - ok 18:59:55.0609 3852 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe 18:59:55.0625 3852 MSDTC - ok 18:59:55.0687 3852 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 18:59:55.0703 3852 Msfs - ok 18:59:55.0750 3852 MSIServer - ok 18:59:55.0828 3852 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:59:55.0828 3852 MSKSSRV - ok 18:59:55.0921 3852 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:59:55.0937 3852 MSPCLOCK - ok 18:59:56.0015 3852 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 18:59:56.0015 3852 MSPQM - ok 18:59:56.0125 3852 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:59:56.0125 3852 mssmbios - ok 18:59:56.0218 3852 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 18:59:56.0234 3852 Mup - ok 18:59:56.0343 3852 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 18:59:56.0406 3852 NDIS - ok 18:59:56.0437 3852 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:59:56.0453 3852 NdisTapi - ok 18:59:56.0531 3852 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:59:56.0562 3852 Ndisuio - ok 18:59:56.0609 3852 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:59:56.0640 3852 NdisWan - ok 18:59:56.0765 3852 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 18:59:56.0765 3852 NDProxy - ok 18:59:56.0812 3852 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:59:56.0828 3852 NetBIOS - ok 18:59:56.0953 3852 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:59:56.0984 3852 NetBT - ok 18:59:57.0062 3852 
NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 18:59:57.0109 3852 NetDDE - ok 18:59:57.0125 3852 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 18:59:57.0125 3852 NetDDEdsdm - ok 18:59:57.0218 3852 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:59:57.0234 3852 Netlogon - ok 18:59:57.0281 3852 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll 18:59:57.0281 3852 Netman - ok 18:59:57.0390 3852 Nla (b36e08f680bae4dfc5c24d00a2dfc9e7) C:\WINDOWS\System32\mswsock.dll 18:59:57.0390 3852 Nla - ok 18:59:57.0468 3852 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 18:59:57.0468 3852 Npfs - ok 18:59:57.0578 3852 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 18:59:57.0671 3852 Ntfs - ok 18:59:57.0750 3852 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:59:57.0750 3852 NtLmSsp - ok 18:59:57.0812 3852 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll 18:59:57.0843 3852 NtmsSvc - ok 18:59:57.0937 3852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:59:57.0937 3852 Null - ok 18:59:57.0984 3852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:59:58.0000 3852 NwlnkFlt - ok 18:59:58.0078 3852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:59:58.0093 3852 NwlnkFwd - ok 18:59:58.0156 3852 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys 18:59:58.0203 3852 Parport - ok 18:59:58.0312 3852 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 18:59:58.0312 3852 PartMgr - ok 18:59:58.0359 3852 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 18:59:58.0375 3852 ParVdm - ok 18:59:58.0468 3852 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 
18:59:58.0500 3852 PCI - ok 18:59:58.0515 3852 PCIDump - ok 18:59:58.0546 3852 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:59:58.0562 3852 PCIIde - ok 18:59:58.0687 3852 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:59:58.0703 3852 Pcmcia - ok 18:59:58.0781 3852 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\WINDOWS\system32\drivers\PCTCore.sys 18:59:58.0828 3852 PCTCore - ok 18:59:58.0906 3852 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\WINDOWS\system32\drivers\pctDS.sys 18:59:58.0968 3852 pctDS - ok 18:59:59.0015 3852 PDCOMP - ok 18:59:59.0078 3852 PDFRAME - ok 18:59:59.0125 3852 PDRELI - ok 18:59:59.0140 3852 PDRFRAME - ok 18:59:59.0140 3852 perc2 - ok 18:59:59.0156 3852 perc2hib - ok 18:59:59.0218 3852 PlugPlay (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe 18:59:59.0218 3852 PlugPlay - ok 18:59:59.0265 3852 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:59:59.0281 3852 PolicyAgent - ok 18:59:59.0375 3852 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:59:59.0406 3852 PptpMiniport - ok 18:59:59.0468 3852 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:59:59.0468 3852 ProtectedStorage - ok 18:59:59.0562 3852 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 18:59:59.0593 3852 PSched - ok 18:59:59.0656 3852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:59:59.0656 3852 Ptilink - ok 18:59:59.0750 3852 ql1080 - ok 18:59:59.0781 3852 Ql10wnt - ok 18:59:59.0843 3852 ql12160 - ok 18:59:59.0859 3852 ql1240 - ok 18:59:59.0875 3852 ql1280 - ok 18:59:59.0906 3852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:59:59.0906 3852 RasAcd - ok 18:59:59.0984 3852 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll 19:00:00.0000 3852 RasAuto - ok 
19:00:00.0093 3852 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:00:00.0109 3852 Rasl2tp - ok 19:00:00.0156 3852 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll 19:00:00.0156 3852 RasMan - ok 19:00:00.0250 3852 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:00:00.0265 3852 RasPppoe - ok 19:00:00.0312 3852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 19:00:00.0328 3852 Raspti - ok 19:00:00.0421 3852 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:00:00.0453 3852 Rdbss - ok 19:00:00.0515 3852 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:00:00.0515 3852 RDPCDD - ok 19:00:00.0609 3852 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 19:00:00.0656 3852 rdpdr - ok 19:00:00.0781 3852 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 19:00:00.0812 3852 RDPWD - ok 19:00:00.0906 3852 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe 19:00:00.0937 3852 RDSessMgr - ok 19:00:00.0984 3852 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 19:00:01.0000 3852 redbook - ok 19:00:01.0109 3852 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll 19:00:01.0125 3852 RemoteAccess - ok 19:00:01.0234 3852 RemoteRegistry (ae81cf7d7cfa79cd03e8fb99788a7e09) C:\WINDOWS\system32\regsvc.dll 19:00:01.0234 3852 RemoteRegistry - ok 19:00:01.0328 3852 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe 19:00:01.0359 3852 RpcLocator - ok 19:00:01.0421 3852 RpcSs (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\System32\rpcss.dll 19:00:01.0421 3852 RpcSs - ok 19:00:01.0515 3852 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 19:00:01.0546 3852 RSVP - ok 19:00:01.0609 3852 SamSs 
(183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 19:00:01.0609 3852 SamSs - ok 19:00:01.0687 3852 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe 19:00:01.0703 3852 SCardSvr - ok 19:00:01.0750 3852 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll 19:00:01.0750 3852 Schedule - ok 19:00:01.0812 3852 sdAuxService (a1089ac7683826e6c7c9fab9723dd80f) C:\Programme\PC Tools Security\pctsAuxs.exe 19:00:01.0875 3852 sdAuxService - ok 19:00:01.0921 3852 sdCoreService (ed6c2efeb47524bff4d5e5109fb1a2bb) C:\Programme\PC Tools Security\pctsSvc.exe 19:00:02.0031 3852 sdCoreService - ok 19:00:02.0140 3852 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:00:02.0140 3852 Secdrv - ok 19:00:02.0187 3852 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll 19:00:02.0187 3852 seclogon - ok 19:00:02.0265 3852 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll 19:00:02.0265 3852 SENS - ok 19:00:02.0328 3852 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 19:00:02.0328 3852 serenum - ok 19:00:02.0437 3852 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys 19:00:02.0437 3852 Serial - ok 19:00:02.0500 3852 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 19:00:02.0500 3852 Sfloppy - ok 19:00:02.0609 3852 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll 19:00:02.0625 3852 SharedAccess - ok 19:00:02.0718 3852 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 19:00:02.0734 3852 ShellHWDetection - ok 19:00:02.0765 3852 Simbad - ok 19:00:02.0875 3852 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys 19:00:02.0953 3852 smwdm - ok 19:00:03.0031 3852 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Programme\Analog 
Devices\SoundMAX\SMAgent.exe 19:00:03.0031 3852 SoundMAX Agent Service (default) - ok 19:00:03.0109 3852 Sparrow - ok 19:00:03.0156 3852 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 19:00:03.0156 3852 splitter - ok 19:00:03.0250 3852 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe 19:00:03.0250 3852 Spooler - ok 19:00:03.0312 3852 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 19:00:03.0328 3852 sr - ok 19:00:03.0437 3852 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll 19:00:03.0437 3852 srservice - ok 19:00:03.0500 3852 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 19:00:03.0562 3852 Srv - ok 19:00:03.0671 3852 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll 19:00:03.0671 3852 SSDPSRV - ok 19:00:03.0734 3852 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:00:03.0734 3852 ssmdrv - ok 19:00:03.0828 3852 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll 19:00:03.0859 3852 stisvc - ok 19:00:03.0921 3852 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 19:00:03.0921 3852 swenum - ok 19:00:04.0031 3852 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 19:00:04.0046 3852 swmidi - ok 19:00:04.0062 3852 SwPrv - ok 19:00:04.0093 3852 symc810 - ok 19:00:04.0109 3852 symc8xx - ok 19:00:04.0109 3852 sym_hi - ok 19:00:04.0125 3852 sym_u3 - ok 19:00:04.0171 3852 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 19:00:04.0234 3852 sysaudio - ok 19:00:04.0328 3852 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe 19:00:04.0359 3852 SysmonLog - ok 19:00:04.0390 3852 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll 19:00:04.0406 3852 TapiSrv - ok 19:00:04.0500 3852 Tcpip 
(9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:00:04.0562 3852 Tcpip - ok 19:00:04.0656 3852 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 19:00:04.0671 3852 TDPIPE - ok 19:00:04.0703 3852 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 19:00:04.0734 3852 TDTCP - ok 19:00:04.0968 3852 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe 19:00:04.0984 3852 TeamViewer7 - ok 19:00:05.0109 3852 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys 19:00:05.0140 3852 teamviewervpn - ok 19:00:05.0203 3852 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 19:00:05.0203 3852 TermDD - ok 19:00:05.0296 3852 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll 19:00:05.0296 3852 TermService - ok 19:00:05.0359 3852 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 19:00:05.0359 3852 Themes - ok 19:00:05.0437 3852 TlntSvr (58708746b8267033e5cf2b29659e7f74) C:\WINDOWS\system32\tlntsvr.exe 19:00:05.0453 3852 TlntSvr - ok 19:00:05.0500 3852 TosIde - ok 19:00:05.0593 3852 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll 19:00:05.0609 3852 TrkWks - ok 19:00:05.0718 3852 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 19:00:05.0750 3852 Udfs - ok 19:00:05.0828 3852 ultra - ok 19:00:05.0843 3852 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 19:00:05.0859 3852 Update - ok 19:00:05.0937 3852 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll 19:00:05.0984 3852 upnphost - ok 19:00:06.0093 3852 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe 19:00:06.0109 3852 UPS - ok 19:00:06.0156 3852 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:00:06.0171 3852 usbccgp - 
ok 19:00:06.0250 3852 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:00:06.0281 3852 usbehci - ok 19:00:06.0343 3852 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:00:06.0359 3852 usbhub - ok 19:00:06.0453 3852 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 19:00:06.0484 3852 usbprint - ok 19:00:06.0562 3852 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:00:06.0578 3852 usbstor - ok 19:00:06.0625 3852 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 19:00:06.0625 3852 usbuhci - ok 19:00:06.0718 3852 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 19:00:06.0718 3852 VgaSave - ok 19:00:06.0750 3852 ViaIde - ok 19:00:06.0796 3852 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 19:00:06.0796 3852 VolSnap - ok 19:00:06.0906 3852 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe 19:00:06.0953 3852 VSS - ok 19:00:07.0015 3852 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll 19:00:07.0015 3852 W32Time - ok 19:00:07.0156 3852 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:00:07.0156 3852 Wanarp - ok 19:00:07.0187 3852 WDICA - ok 19:00:07.0265 3852 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 19:00:07.0281 3852 wdmaud - ok 19:00:07.0328 3852 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll 19:00:07.0328 3852 WebClient - ok 19:00:07.0468 3852 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll 19:00:07.0468 3852 winmgmt - ok 19:00:07.0515 3852 WmdmPmSN (d68cc4ebf7b03fd770d5962295ad814e) C:\WINDOWS\system32\mspmsnsv.dll 19:00:07.0531 3852 WmdmPmSN - ok 19:00:07.0640 3852 Wmi (9cbb06e4438d6a0d52a46e0b44796d37) C:\WINDOWS\System32\advapi32.dll 19:00:07.0671 
19:00:08.0625 3852 ============================================================
19:00:08.0625 3852 Scan finished
19:00:08.0625 3852 ============================================================
19:00:08.0625 3844 Detected object count: 0
19:00:08.0625 3844 Actual detected object count: 0
But I accidentally clicked on Cure..................... |
26.03.2012, 18:02 | #13 |
/// Malware-holic | On download... "waiting for www.google.com" in Firefox Do you use the PC for online banking, shopping, other payment transactions, or similarly important things, such as work?
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
26.03.2012, 18:07 | #14 |
| On download... "waiting for www.google.com" in Firefox No, the PC is only used for social networking etc. But everything apparently works again. |
26.03.2012, 18:08 | #15 |
/// Malware-holic | On download... "waiting for www.google.com" in Firefox Test whether the problem still occurs. |