Pests of all kinds and how to combat them: After Kaspersky Rescue CD all data is deleted. Windows 7 |
24.05.2012, 22:09 | #31 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After Kaspersky Rescue CD all data is deleted.
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
27.05.2012, 17:51 | #32 |
| After Kaspersky Rescue CD all data is deleted. Code:
28.05.2012, 14:49 | #33 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After Kaspersky Rescue CD, all data is deleted. The log is incomplete; the summary at the bottom is missing.
__________________ |
28.05.2012, 20:17 | #34 |
| After Kaspersky Rescue CD, all data is deleted. Code:
ATTFilter 18:47:33.0828 1964 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30 18:47:33.0921 1964 ============================================================ 18:47:33.0921 1964 Current date / time: 2012/05/27 18:47:33.0921 18:47:33.0921 1964 SystemInfo: 18:47:33.0921 1964 18:47:33.0921 1964 OS Version: 5.1.2600 ServicePack: 2.0 18:47:33.0921 1964 Product type: Workstation 18:47:33.0921 1964 ComputerName: BUERO 18:47:33.0921 1964 UserName: Anwender 18:47:33.0921 1964 Windows directory: C:\WINDOWS 18:47:33.0921 1964 System windows directory: C:\WINDOWS 18:47:33.0921 1964 Processor architecture: Intel x86 18:47:33.0921 1964 Number of processors: 1 18:47:33.0921 1964 Page size: 0x1000 18:47:33.0921 1964 Boot type: Normal boot 18:47:33.0921 1964 ============================================================ 18:47:34.0968 1964 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 18:47:35.0000 1964 ============================================================ 18:47:35.0000 1964 \Device\Harddisk0\DR0: 18:47:35.0000 1964 MBR partitions: 18:47:35.0000 1964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462 18:47:35.0031 1964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x1FDA120 18:47:35.0031 1964 ============================================================ 18:47:35.0218 1964 C: <-> \Device\Harddisk0\DR0\Partition0 18:47:35.0265 1964 D: <-> \Device\Harddisk0\DR0\Partition1 18:47:35.0281 1964 ============================================================ 18:47:35.0281 1964 Initialize success 18:47:35.0281 1964 ============================================================ 18:48:23.0078 3192 ============================================================ 18:48:23.0078 3192 Scan started 18:48:23.0078 3192 Mode: Manual; SigCheck; TDLFS; 18:48:23.0078 3192 
============================================================ 18:48:23.0421 3192 Abiosdsk - ok 18:48:23.0453 3192 abp480n5 - ok 18:48:23.0515 3192 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:48:24.0203 3192 ACPI - ok 18:48:24.0234 3192 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 18:48:24.0406 3192 ACPIEC - ok 18:48:24.0421 3192 adpu160m - ok 18:48:24.0468 3192 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 18:48:24.0609 3192 aec - ok 18:48:24.0640 3192 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 18:48:24.0812 3192 AFD - ok 18:48:24.0828 3192 Aha154x - ok 18:48:24.0859 3192 aic78u2 - ok 18:48:24.0875 3192 aic78xx - ok 18:48:24.0953 3192 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 18:48:25.0078 3192 ALCXSENS - ok 18:48:25.0156 3192 ALCXWDM (4dd2c10fc6434fedcb7c71fbdc1f107a) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 18:48:25.0250 3192 ALCXWDM - ok 18:48:25.0296 3192 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll 18:48:25.0453 3192 Alerter - ok 18:48:25.0468 3192 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe 18:48:25.0531 3192 ALG - ok 18:48:25.0546 3192 AliIde - ok 18:48:25.0578 3192 amsint - ok 18:48:25.0718 3192 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe 18:48:25.0734 3192 AntiVirSchedulerService - ok 18:48:25.0812 3192 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe 18:48:25.0828 3192 AntiVirService - ok 18:48:25.0843 3192 AppMgmt - ok 18:48:25.0890 3192 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 18:48:26.0031 3192 Arp1394 - ok 18:48:26.0046 3192 asc - ok 18:48:26.0078 3192 asc3350p - ok 18:48:26.0109 3192 asc3550 - ok 18:48:26.0250 3192 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) 
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 18:48:26.0281 3192 aspnet_state - ok 18:48:26.0312 3192 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:48:26.0437 3192 AsyncMac - ok 18:48:26.0500 3192 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:48:26.0671 3192 atapi - ok 18:48:26.0718 3192 Atdisk - ok 18:48:26.0750 3192 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:48:26.0968 3192 Atmarpc - ok 18:48:27.0031 3192 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll 18:48:27.0171 3192 AudioSrv - ok 18:48:27.0234 3192 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:48:27.0375 3192 audstub - ok 18:48:27.0437 3192 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 18:48:27.0453 3192 avgio - ok 18:48:27.0484 3192 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 18:48:27.0500 3192 avgntflt - ok 18:48:27.0562 3192 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys 18:48:27.0562 3192 avipbb - ok 18:48:27.0593 3192 AVMCOWAN (0bcb6b3df2e248c8e8f2ffc6f58d1341) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys 18:48:27.0640 3192 AVMCOWAN - ok 18:48:27.0687 3192 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys 18:48:27.0859 3192 AVMWAN - ok 18:48:27.0921 3192 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 18:48:28.0078 3192 Beep - ok 18:48:28.0140 3192 BITS (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll 18:48:28.0375 3192 BITS - ok 18:48:28.0437 3192 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll 18:48:28.0593 3192 Browser - ok 18:48:28.0640 3192 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 18:48:28.0796 3192 cbidf2k - ok 18:48:28.0812 3192 cd20xrnt - ok 
18:48:28.0859 3192 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 18:48:29.0000 3192 Cdaudio - ok 18:48:29.0062 3192 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 18:48:29.0218 3192 Cdfs - ok 18:48:29.0265 3192 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 18:48:29.0421 3192 Cdrom - ok 18:48:29.0437 3192 Changer - ok 18:48:29.0484 3192 CiSvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe 18:48:29.0656 3192 CiSvc - ok 18:48:29.0703 3192 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe 18:48:29.0843 3192 ClipSrv - ok 18:48:29.0906 3192 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:48:29.0921 3192 clr_optimization_v2.0.50727_32 - ok 18:48:29.0984 3192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:48:30.0031 3192 clr_optimization_v4.0.30319_32 - ok 18:48:30.0062 3192 CmdIde - ok 18:48:30.0093 3192 COMSysApp - ok 18:48:30.0156 3192 Cpqarray - ok 18:48:30.0187 3192 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll 18:48:30.0328 3192 CryptSvc - ok 18:48:30.0343 3192 dac2w2k - ok 18:48:30.0375 3192 dac960nt - ok 18:48:30.0453 3192 DcomLaunch (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll 18:48:30.0656 3192 DcomLaunch - ok 18:48:30.0859 3192 Dhcp (69f986b2688ba95a0d9362b0e233d5ff) C:\WINDOWS\System32\dhcpcsvc.dll 18:48:31.0000 3192 Dhcp - ok 18:48:31.0046 3192 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 18:48:31.0171 3192 Disk - ok 18:48:31.0187 3192 dmadmin - ok 18:48:31.0250 3192 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 18:48:31.0437 3192 dmboot - ok 18:48:31.0500 3192 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 
18:48:31.0640 3192 dmio - ok 18:48:31.0671 3192 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 18:48:31.0843 3192 dmload - ok 18:48:31.0875 3192 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll 18:48:32.0031 3192 dmserver - ok 18:48:32.0109 3192 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 18:48:32.0218 3192 DMusic - ok 18:48:32.0281 3192 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll 18:48:32.0421 3192 Dnscache - ok 18:48:32.0437 3192 dpti2o - ok 18:48:32.0500 3192 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 18:48:32.0625 3192 drmkaud - ok 18:48:32.0656 3192 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll 18:48:32.0812 3192 ERSvc - ok 18:48:32.0875 3192 Eventlog (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe 18:48:33.0000 3192 Eventlog - ok 18:48:33.0062 3192 EventSystem (4e1a8645ee77cb9454ffe53c59620a25) C:\WINDOWS\system32\es.dll 18:48:33.0203 3192 EventSystem - ok 18:48:33.0265 3192 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 18:48:33.0421 3192 Fastfat - ok 18:48:33.0468 3192 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 18:48:33.0609 3192 FastUserSwitchingCompatibility - ok 18:48:33.0656 3192 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 18:48:33.0796 3192 Fdc - ok 18:48:33.0859 3192 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 18:48:34.0000 3192 FETNDIS - ok 18:48:34.0031 3192 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 18:48:34.0171 3192 Fips - ok 18:48:34.0218 3192 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 18:48:34.0359 3192 Flpydisk - ok 18:48:34.0421 3192 FltMgr (157754f0df355a9e0a6f54721914f9c6) 
C:\WINDOWS\system32\DRIVERS\fltMgr.sys 18:48:34.0562 3192 FltMgr - ok 18:48:34.0656 3192 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:48:34.0750 3192 FontCache3.0.0.0 - ok 18:48:34.0796 3192 fpcibase (25baa9e7e21ca204b3202637c4f0d44e) C:\WINDOWS\system32\DRIVERS\fpcibase.sys 18:48:34.0890 3192 fpcibase - ok 18:48:34.0937 3192 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:48:35.0078 3192 Fs_Rec - ok 18:48:35.0125 3192 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:48:35.0265 3192 Ftdisk - ok 18:48:35.0296 3192 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 18:48:35.0453 3192 gagp30kx - ok 18:48:35.0500 3192 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:48:35.0625 3192 Gpc - ok 18:48:35.0750 3192 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 18:48:35.0875 3192 helpsvc - ok 18:48:35.0937 3192 HidServ (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll 18:48:36.0093 3192 HidServ - ok 18:48:36.0156 3192 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:48:36.0296 3192 hidusb - ok 18:48:36.0312 3192 hpn - ok 18:48:36.0390 3192 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 18:48:36.0531 3192 HTTP - ok 18:48:36.0593 3192 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll 18:48:36.0734 3192 HTTPFilter - ok 18:48:36.0765 3192 i2omgmt - ok 18:48:36.0781 3192 i2omp - ok 18:48:36.0828 3192 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 18:48:36.0968 3192 i8042prt - ok 18:48:37.0109 3192 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:48:37.0250 3192 idsvc ( UnsignedFile.Multi.Generic ) - 
warning 18:48:37.0250 3192 idsvc - detected UnsignedFile.Multi.Generic (1) 18:48:37.0312 3192 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:48:37.0437 3192 Imapi - ok 18:48:37.0500 3192 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe 18:48:37.0640 3192 ImapiService - ok 18:48:37.0687 3192 ini910u - ok 18:48:37.0718 3192 IntelIde - ok 18:48:37.0781 3192 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 18:48:37.0921 3192 Ip6Fw - ok 18:48:37.0984 3192 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:48:38.0109 3192 IpFilterDriver - ok 18:48:38.0156 3192 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:48:38.0281 3192 IpInIp - ok 18:48:38.0312 3192 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:48:38.0468 3192 IpNat - ok 18:48:38.0703 3192 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:48:38.0843 3192 IPSec - ok 18:48:38.0906 3192 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:48:38.0968 3192 IRENUM - ok 18:48:39.0031 3192 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:48:39.0171 3192 isapnp - ok 18:48:39.0218 3192 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:48:39.0359 3192 Kbdclass - ok 18:48:39.0390 3192 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 18:48:39.0531 3192 kbdhid - ok 18:48:39.0609 3192 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 18:48:39.0765 3192 kmixer - ok 18:48:39.0796 3192 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 18:48:39.0953 3192 KSecDD - ok 18:48:40.0015 3192 lanmanserver (f8170aa51cd202bc062b8a0983f361b7) C:\WINDOWS\System32\srvsvc.dll 18:48:40.0156 3192 lanmanserver - ok 
18:48:40.0218 3192 lanmanworkstation (36d74668f5448d55887fa3958488dc06) C:\WINDOWS\System32\wkssvc.dll 18:48:40.0359 3192 lanmanworkstation - ok 18:48:40.0375 3192 lbrtfdc - ok 18:48:40.0468 3192 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll 18:48:40.0609 3192 LmHosts - ok 18:48:40.0640 3192 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 18:48:40.0640 3192 MBAMProtector - ok 18:48:40.0765 3192 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 18:48:40.0796 3192 MBAMService - ok 18:48:41.0234 3192 MDM (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 18:48:41.0265 3192 MDM - ok 18:48:41.0312 3192 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll 18:48:41.0468 3192 Messenger - ok 18:48:41.0500 3192 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:48:41.0640 3192 mnmdd - ok 18:48:41.0687 3192 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe 18:48:41.0828 3192 mnmsrvc - ok 18:48:41.0890 3192 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 18:48:42.0031 3192 Modem - ok 18:48:42.0093 3192 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:48:42.0218 3192 Mouclass - ok 18:48:42.0281 3192 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:48:42.0406 3192 mouhid - ok 18:48:42.0421 3192 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 18:48:42.0562 3192 MountMgr - ok 18:48:42.0609 3192 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 18:48:42.0625 3192 MozillaMaintenance - ok 18:48:42.0640 3192 mraid35x - ok 18:48:42.0703 3192 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:48:42.0828 
3192 MRxDAV - ok 18:48:42.0890 3192 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:48:43.0078 3192 MRxSmb - ok 18:48:43.0125 3192 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe 18:48:43.0250 3192 MSDTC - ok 18:48:43.0312 3192 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 18:48:43.0453 3192 Msfs - ok 18:48:43.0468 3192 MSIServer - ok 18:48:43.0546 3192 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:48:43.0687 3192 MSKSSRV - ok 18:48:43.0734 3192 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:48:43.0906 3192 MSPCLOCK - ok 18:48:43.0937 3192 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 18:48:44.0078 3192 MSPQM - ok 18:48:44.0156 3192 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 18:48:44.0281 3192 mssmbios - ok 18:48:44.0312 3192 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 18:48:44.0453 3192 Mup - ok 18:48:44.0500 3192 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 18:48:44.0640 3192 NDIS - ok 18:48:44.0671 3192 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:48:44.0781 3192 NdisTapi - ok 18:48:44.0843 3192 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:48:44.0984 3192 Ndisuio - ok 18:48:45.0031 3192 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:48:45.0156 3192 NdisWan - ok 18:48:45.0218 3192 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 18:48:45.0343 3192 NDProxy - ok 18:48:45.0375 3192 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:48:45.0515 3192 NetBIOS - ok 18:48:45.0578 3192 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:48:45.0703 3192 
NetBT - ok 18:48:45.0765 3192 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 18:48:45.0906 3192 NetDDE - ok 18:48:45.0921 3192 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe 18:48:46.0062 3192 NetDDEdsdm - ok 18:48:46.0140 3192 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:48:46.0265 3192 Netlogon - ok 18:48:46.0500 3192 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll 18:48:46.0625 3192 Netman - ok 18:48:46.0765 3192 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:48:46.0828 3192 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - warning 18:48:46.0828 3192 NetTcpPortSharing - detected UnsignedFile.Multi.Generic (1) 18:48:46.0890 3192 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 18:48:47.0000 3192 NIC1394 - ok 18:48:47.0062 3192 Nla (b36e08f680bae4dfc5c24d00a2dfc9e7) C:\WINDOWS\System32\mswsock.dll 18:48:47.0156 3192 Nla - ok 18:48:47.0218 3192 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 18:48:47.0359 3192 Npfs - ok 18:48:47.0406 3192 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 18:48:47.0593 3192 Ntfs - ok 18:48:47.0609 3192 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:48:47.0734 3192 NtLmSsp - ok 18:48:47.0828 3192 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll 18:48:47.0968 3192 NtmsSvc - ok 18:48:48.0000 3192 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:48:48.0140 3192 Null - ok 18:48:48.0593 3192 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 18:48:49.0312 3192 nv - ok 18:48:49.0421 3192 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe 18:48:49.0437 3192 nvsvc - ok 18:48:49.0500 3192 NwlnkFlt 
(b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:48:49.0625 3192 NwlnkFlt - ok 18:48:49.0671 3192 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:48:49.0812 3192 NwlnkFwd - ok 18:48:49.0875 3192 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 18:48:50.0000 3192 ohci1394 - ok 18:48:50.0078 3192 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 18:48:50.0093 3192 ose - ok 18:48:50.0171 3192 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys 18:48:50.0296 3192 Parport - ok 18:48:50.0359 3192 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 18:48:50.0484 3192 PartMgr - ok 18:48:50.0515 3192 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 18:48:50.0640 3192 ParVdm - ok 18:48:50.0687 3192 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 18:48:50.0828 3192 PCI - ok 18:48:50.0843 3192 PCIDump - ok 18:48:50.0906 3192 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:48:51.0031 3192 PCIIde - ok 18:48:51.0078 3192 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:48:51.0218 3192 Pcmcia - ok 18:48:51.0250 3192 PDCOMP - ok 18:48:51.0281 3192 PDFRAME - ok 18:48:51.0312 3192 PDRELI - ok 18:48:51.0343 3192 PDRFRAME - ok 18:48:51.0375 3192 perc2 - ok 18:48:51.0406 3192 perc2hib - ok 18:48:51.0546 3192 PlugPlay (edb6b81761bd60f32f740bbc40afb676) C:\WINDOWS\system32\services.exe 18:48:51.0718 3192 PlugPlay - ok 18:48:51.0750 3192 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:48:51.0859 3192 PolicyAgent - ok 18:48:51.0890 3192 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:48:52.0000 3192 PptpMiniport - ok 18:48:52.0046 3192 Processor 
(3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 18:48:52.0156 3192 Processor - ok 18:48:52.0187 3192 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:48:52.0296 3192 ProtectedStorage - ok 18:48:52.0328 3192 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 18:48:52.0453 3192 PSched - ok 18:48:52.0500 3192 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:48:52.0625 3192 Ptilink - ok 18:48:52.0640 3192 ql1080 - ok 18:48:52.0656 3192 Ql10wnt - ok 18:48:52.0687 3192 ql12160 - ok 18:48:52.0718 3192 ql1240 - ok 18:48:52.0750 3192 ql1280 - ok 18:48:52.0796 3192 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:48:52.0890 3192 RasAcd - ok 18:48:52.0937 3192 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll 18:48:53.0078 3192 RasAuto - ok 18:48:53.0125 3192 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:48:53.0250 3192 Rasl2tp - ok 18:48:53.0312 3192 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll 18:48:53.0406 3192 RasMan - ok 18:48:53.0437 3192 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:48:53.0562 3192 RasPppoe - ok 18:48:53.0625 3192 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:48:53.0765 3192 Raspti - ok 18:48:54.0031 3192 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:48:54.0187 3192 Rdbss - ok 18:48:54.0218 3192 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:48:54.0359 3192 RDPCDD - ok 18:48:54.0546 3192 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 18:48:54.0687 3192 RDPWD - ok 18:48:54.0734 3192 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe 18:48:54.0875 3192 RDSessMgr - ok 18:48:54.0921 3192 
redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:48:55.0062 3192 redbook - ok 18:48:55.0125 3192 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll 18:48:55.0250 3192 RemoteAccess - ok 18:48:55.0281 3192 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe 18:48:55.0406 3192 RpcLocator - ok 18:48:55.0484 3192 RpcSs (9f28ff58d6d67b123272869d89d14004) C:\WINDOWS\system32\rpcss.dll 18:48:55.0656 3192 RpcSs - ok 18:48:55.0718 3192 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 18:48:55.0812 3192 RSVP - ok 18:48:55.0843 3192 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe 18:48:55.0968 3192 SamSs - ok 18:48:56.0015 3192 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe 18:48:56.0140 3192 SCardSvr - ok 18:48:56.0203 3192 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll 18:48:56.0343 3192 Schedule - ok 18:48:56.0375 3192 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:48:56.0453 3192 Secdrv - ok 18:48:56.0500 3192 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll 18:48:56.0609 3192 seclogon - ok 18:48:56.0640 3192 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll 18:48:56.0750 3192 SENS - ok 18:48:56.0812 3192 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:48:56.0937 3192 serenum - ok 18:48:57.0000 3192 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys 18:48:57.0109 3192 Serial - ok 18:48:57.0234 3192 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:48:57.0343 3192 Sfloppy - ok 18:48:57.0406 3192 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll 18:48:57.0562 3192 SharedAccess - ok 18:48:57.0625 3192 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) 
C:\WINDOWS\System32\shsvcs.dll 18:48:57.0750 3192 ShellHWDetection - ok 18:48:57.0781 3192 Simbad - ok 18:48:57.0843 3192 Sparrow - ok 18:48:57.0906 3192 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 18:48:58.0031 3192 splitter - ok 18:48:58.0093 3192 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe 18:48:58.0203 3192 Spooler - ok 18:48:58.0265 3192 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 18:48:58.0312 3192 sr - ok 18:48:58.0343 3192 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll 18:48:58.0406 3192 srservice - ok 18:48:58.0453 3192 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 18:48:58.0609 3192 Srv - ok 18:48:58.0656 3192 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll 18:48:58.0718 3192 SSDPSRV - ok 18:48:58.0765 3192 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:48:58.0781 3192 ssmdrv - ok 18:48:58.0828 3192 stisvc (7e751068ada60fc77638622e86a7cd9e) C:\WINDOWS\system32\wiaservc.dll 18:48:58.0953 3192 stisvc - ok 18:48:59.0000 3192 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:48:59.0125 3192 swenum - ok 18:48:59.0156 3192 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 18:48:59.0281 3192 swmidi - ok 18:48:59.0296 3192 SwPrv - ok 18:48:59.0312 3192 symc810 - ok 18:48:59.0343 3192 symc8xx - ok 18:48:59.0375 3192 sym_hi - ok 18:48:59.0406 3192 sym_u3 - ok 18:48:59.0453 3192 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 18:48:59.0578 3192 sysaudio - ok 18:48:59.0625 3192 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe 18:48:59.0750 3192 SysmonLog - ok 18:48:59.0828 3192 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll 18:48:59.0937 3192 TapiSrv - ok 18:49:00.0015 3192 Tcpip 
(9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:49:00.0187 3192 Tcpip - ok 18:49:00.0250 3192 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:49:00.0390 3192 TDPIPE - ok 18:49:00.0453 3192 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 18:49:00.0562 3192 TDTCP - ok 18:49:00.0625 3192 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:49:00.0734 3192 TermDD - ok 18:49:00.0781 3192 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll 18:49:00.0906 3192 TermService - ok 18:49:00.0984 3192 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll 18:49:01.0109 3192 Themes - ok 18:49:01.0125 3192 TosIde - ok 18:49:01.0171 3192 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll 18:49:01.0281 3192 TrkWks - ok 18:49:01.0343 3192 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 18:49:01.0500 3192 Udfs - ok 18:49:01.0515 3192 ultra - ok 18:49:01.0578 3192 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 18:49:01.0734 3192 Update - ok 18:49:01.0781 3192 upnphost (09d4a2d7c5a8abec227d118765faaddf) C:\WINDOWS\System32\upnphost.dll 18:49:01.0859 3192 upnphost - ok 18:49:01.0890 3192 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe 18:49:02.0000 3192 UPS - ok 18:49:02.0062 3192 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:49:02.0187 3192 usbccgp - ok 18:49:02.0234 3192 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:49:02.0359 3192 usbehci - ok 18:49:02.0390 3192 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:49:02.0531 3192 usbhub - ok 18:49:02.0625 3192 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:49:02.0750 3192 usbprint - ok 18:49:02.0812 3192 usbscan 
(a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:49:02.0937 3192 usbscan - ok
18:49:02.0968 3192 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:49:03.0093 3192 usbstor - ok
18:49:03.0156 3192 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:49:03.0265 3192 usbuhci - ok
18:49:03.0296 3192 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
18:49:03.0406 3192 VgaSave - ok
18:49:03.0437 3192 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:49:03.0562 3192 ViaIde - ok
18:49:03.0625 3192 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
18:49:03.0750 3192 VIAudio - ok
18:49:03.0796 3192 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
18:49:03.0906 3192 VolSnap - ok
18:49:03.0984 3192 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
18:49:04.0062 3192 VSS - ok
18:49:04.0140 3192 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
18:49:04.0296 3192 W32Time - ok
18:49:04.0343 3192 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:49:04.0531 3192 Wanarp - ok
18:49:04.0531 3192 WDICA - ok
18:49:04.0578 3192 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
18:49:04.0781 3192 wdmaud - ok
18:49:04.0812 3192 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll
18:49:05.0031 3192 WebClient - ok
18:49:05.0109 3192 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:49:05.0296 3192 winmgmt - ok
18:49:05.0343 3192 WmdmPmSN (d68cc4ebf7b03fd770d5962295ad814e) C:\WINDOWS\system32\mspmsnsv.dll
18:49:05.0468 3192 WmdmPmSN - ok
18:49:05.0515 3192 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:49:05.0656 3192 WmiApSrv - ok
18:49:05.0828 3192 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:49:05.0937 3192 WPFFontCache_v0400 - ok
18:49:05.0968 3192 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
18:49:06.0125 3192 wscsvc - ok
18:49:06.0156 3192 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
18:49:06.0281 3192 wuauserv - ok
18:49:06.0328 3192 WZCSVC (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
18:49:06.0500 3192 WZCSVC - ok
18:49:06.0531 3192 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
18:49:06.0671 3192 xmlprov - ok
18:49:06.0703 3192 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:49:07.0234 3192 \Device\Harddisk0\DR0 - ok
18:49:07.0265 3192 Boot (0x1200) (045fcb80311f5cdef9ecf6b0d681b54a) \Device\Harddisk0\DR0\Partition0
18:49:07.0265 3192 \Device\Harddisk0\DR0\Partition0 - ok
18:49:07.0281 3192 Boot (0x1200) (2e5dc041902eade2a4fafd039b616af2) \Device\Harddisk0\DR0\Partition1
18:49:07.0296 3192 \Device\Harddisk0\DR0\Partition1 - ok
18:49:07.0296 3192 ============================================================
18:49:07.0296 3192 Scan finished
18:49:07.0296 3192 ============================================================
18:49:07.0421 3184 Detected object count: 2
18:49:07.0421 3184 Actual detected object count: 2
00:29:59.0375 3184 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:29:59.0375 3184 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:29:59.0390 3184 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
00:29:59.0390 3184 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:30:00.0703 2172 Deinitialize success |
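The helper's rule for this step is that nothing is deleted with TDSSKiller: every flagged object is handled with "Skip" and only the log is posted. As an added example (not part of the thread and not Kaspersky's code), the following Python parses a log in the format shown above, whether it has one record per line or is flattened onto one line, and reports any object whose recorded action is not Skip, or a declared count that does not match the listed objects. The `exampledrv` record, its "Delete" action and the count of 3 are constructed for illustration.

```python
import re

# Sample records in the format of the TDSSKiller log above. The first nine
# records are taken from that log; the declared count of 3 and the final
# "exampledrv ... Delete" record are CONSTRUCTED to show the failure case.
SAMPLE_LOG = r"""
18:49:06.0531 3192 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
18:49:06.0671 3192 xmlprov - ok
18:49:06.0703 3192 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:49:07.0234 3192 \Device\Harddisk0\DR0 - ok
18:49:07.0421 3184 Detected object count: 3
00:29:59.0375 3184 idsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:29:59.0375 3184 idsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:29:59.0390 3184 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - skipped by user
00:29:59.0390 3184 NetTcpPortSharing ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:29:59.0400 3184 exampledrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
"""

# A record starts with "HH:MM:SS.ffff <thread id> ". Splitting on whitespace
# that precedes such a prefix handles both newline-separated and flattened logs.
RECORD_START = re.compile(r"\s+(?=\d{2}:\d{2}:\d{2}\.\d{4} \d+ )")
RECORD_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
OK_RE = re.compile(r"^(.+?) - ok$")
# Verdict records look like: name ( Verdict.Name ) - <what happened>
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")
ACTION_PREFIX = "User select action: "


def split_records(text):
    """Return the individual log records, one string per record."""
    text = text.strip()
    return RECORD_START.split(text) if text else []


def parse_tdss(text):
    """Collect clean objects, flagged objects with their action, and the declared count."""
    report = {"ok": [], "detections": {}, "declared": None}
    for record in split_records(text):
        m = RECORD_RE.match(record)
        if not m:
            continue  # not a timestamped record
        msg = m.group(3)
        count = COUNT_RE.match(msg)
        if count:
            report["declared"] = int(count.group(1))
            continue
        ok = OK_RE.match(msg)
        if ok:
            report["ok"].append(ok.group(1))
            continue
        verdict = VERDICT_RE.match(msg)
        if verdict:
            name, label, tail = verdict.groups()
            entry = report["detections"].setdefault(
                name, {"verdict": label, "action": None})
            if tail.startswith(ACTION_PREFIX):
                entry["action"] = tail[len(ACTION_PREFIX):].strip()
    return report


def triage(report, allowed=("Skip",)):
    """List everything that deviates from the 'skip all, post the log' rule."""
    findings = []
    for name, det in report["detections"].items():
        if det["action"] is None:
            findings.append(f"{name}: {det['verdict']} has no recorded action")
        elif det["action"] not in allowed:
            findings.append(
                f"{name}: {det['verdict']} was handled with '{det['action']}', not Skip")
    listed = len(report["detections"])
    if report["declared"] is not None and report["declared"] != listed:
        findings.append(
            f"log declares {report['declared']} objects but lists {listed}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_tdss(SAMPLE_LOG)) or ["all flagged objects were skipped"]:
        print(line)
```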
29.05.2012, 08:28 | #35 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post log files in CODE tags |
30.05.2012, 16:27 | #36 |
| Code:
Combofix Logfile: Hope that helps?! Oh, and there was no error message or anything like that. |
30.05.2012, 20:36 | #37 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to work on the second attempt as well, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
31.05.2012, 20:11 | #38 |
| Code:
GMER Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:15:33 on 31.05.2012
OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Anwender\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"uxtdqpob" (uxtdqpob) - ? - C:\DOKUME~1\Anwender\LOKALE~1\Temp\uxtdqpob.sys (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11f.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"OpwareSE4" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
"SSBkgdUpdate" - "Scansoft, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaColorMon.dll
"FRITZ!fax Port Monitor" - "AVM Berlin" - C:\WINDOWS\system32\FritzVistaMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR is running...
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 21:18:18
-----------------------------
21:18:18.046 OS Version: Windows 5.1.2600 Service Pack 2
21:18:18.046 Number of processors: 1 586 0x2C02
21:18:18.046 ComputerName: BUERO UserName:
21:18:18.250 Initialize success
21:23:52.609 AVAST engine defs: 12053100
21:39:12.328 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Anwender\Desktop\aswMBR.txt" |
31.05.2012, 20:49 | #39 |
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR somehow went wrong. Please do it again properly
__________________ Please always post log files in CODE tags |
01.06.2012, 15:32 | #40 |
| Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-01 16:22:48
-----------------------------
16:22:48.687 OS Version: Windows 5.1.2600 Service Pack 2
16:22:48.687 Number of processors: 1 586 0x2C02
16:22:48.687 ComputerName: BUERO UserName:
16:22:48.828 Initialize success
16:22:58.859 AVAST engine defs: 12053100
16:23:00.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-12
16:23:00.125 Disk 0 Vendor: ST3802110A 3.AAE Size: 76318MB BusType: 3
16:23:00.140 Disk 0 MBR read successfully
16:23:00.140 Disk 0 MBR scan
16:23:00.156 Disk 0 Windows XP default MBR code
16:23:00.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63
16:23:00.171 Disk 0 Partition - 00 0F Extended LBA 16308 MB offset 122881185
16:23:00.203 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 16308 MB offset 122881248
16:23:00.234 Disk 0 scanning sectors +156280320
16:23:00.328 Disk 0 scanning C:\WINDOWS\system32\drivers
16:23:08.953 Service scanning
16:23:32.359 Modules scanning
16:23:44.234 Disk 0 trace - called modules:
16:23:44.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
16:23:44.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3cab8]
16:23:44.750 3 CLASSPNP.SYS[f75f105b] -> nt!IofCallDriver -> \Device\00000062[0x86f919e8]
16:23:44.765 5 ACPI.sys[f7466620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-12[0x86f80940]
16:23:44.906 AVAST engine scan C:\WINDOWS
16:23:48.781 AVAST engine scan C:\WINDOWS\system32
16:26:07.765 AVAST engine scan C:\WINDOWS\system32\drivers
16:26:17.234 AVAST engine scan C:\Dokumente und Einstellungen\Anwender
16:28:53.468 AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:29:10.500 Scan finished successfully
16:30:38.656 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Anwender\Desktop\MBR.dat"
16:30:38.656 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Anwender\Desktop\aswMBR.txt" |
02.06.2012, 15:17 | #41 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
07.06.2012, 15:21 | #42 |
| Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.08.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Anwender :: BUERO [Administrator]

Schutz: Aktiviert

08.05.2012 20:21:44
mbam-log-2012-05-08 (20-21-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210364
Laufzeit: 30 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
07.06.2012, 15:49 | #43 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Why are you posting a four-week-old log??
__________________ Please always post log files in CODE tags |
07.06.2012, 16:01 | #44 |
| Oops, sorry, false start ... ():-)
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.07.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Anwender :: BUERO [Administrator]

Schutz: Deaktiviert

07.06.2012 15:36:34
mbam-log-2012-06-07 (15-36-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221226
Laufzeit: 41 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/07/2012 at 05:03 PM

Application Version : 5.0.1148

Core Rules Database Version : 8698
Trace Rules Database Version: 6510

Scan type : Quick Scan
Total Scan Time : 00:04:46

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 28752
Registry threats detected : 0
File items scanned : 6375
File threats detected : 28

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@ad.dyntracker[1].txt [ /ad.dyntracker ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@ad.zanox[1].txt [ /ad.zanox ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@ad4.adfarm1.adition[1].txt [ /ad4.adfarm1.adition ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@adfarm1.adition[2].txt [ /adfarm1.adition ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@adx.chip[2].txt [ /adx.chip ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@apmebf[1].txt [ /apmebf ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@atdmt[1].txt [ /atdmt ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@c.atdmt[2].txt [ /c.atdmt ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@c1.atdmt[1].txt [ /c1.atdmt ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@counter.hitslink[1].txt [ /counter.hitslink ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@doubleclick[1].txt [ /doubleclick ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@imrworldwide[2].txt [ /imrworldwide ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@invitemedia[2].txt [ /invitemedia ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@mediaplex[1].txt [ /mediaplex ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@revsci[2].txt [ /revsci ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@serving-sys[2].txt [ /serving-sys ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@smartadserver[2].txt [ /smartadserver ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@tracking.quisma[1].txt [ /tracking.quisma ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@unister-adservices[1].txt [ /unister-adservices ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@unister-adservices[2].txt [ /unister-adservices ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@unitymedia[2].txt [ /unitymedia ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@webmasterplan[2].txt [ /webmasterplan ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@www.windowsmedia[1].txt [ /www.windowsmedia ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@xiti[1].txt [ /xiti ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@zanox-affiliate[1].txt [ /zanox-affiliate ]
C:\Dokumente und Einstellungen\Anwender\Cookies\anwender@zanox[2].txt [ /zanox ] |
07.06.2012, 20:04 | #45 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Apart from that there are good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I actually want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest no cookies are left. Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |