Windows XP vom Suisa Trojaner befallen.

noob77 · 16.05.2012, 17:13

Ich hoffe, dass das der Log ist:

Code:

ATTFilter

18:06:06.0171 3496	TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
18:06:06.0250 3496	============================================================
18:06:06.0250 3496	Current date / time: 2012/05/16 18:06:06.0250
18:06:06.0250 3496	SystemInfo:
18:06:06.0250 3496	
18:06:06.0250 3496	OS Version: 5.1.2600 ServicePack: 3.0
18:06:06.0250 3496	Product type: Workstation
18:06:06.0250 3496	ComputerName: PC-FLEISCHMANN
18:06:06.0250 3496	UserName: Fleischmann
18:06:06.0250 3496	Windows directory: C:\WINDOWS
18:06:06.0250 3496	System windows directory: C:\WINDOWS
18:06:06.0250 3496	Processor architecture: Intel x86
18:06:06.0250 3496	Number of processors: 2
18:06:06.0250 3496	Page size: 0x1000
18:06:06.0250 3496	Boot type: Normal boot
18:06:06.0250 3496	============================================================
18:06:07.0062 3496	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:06:07.0109 3496	============================================================
18:06:07.0109 3496	\Device\Harddisk0\DR0:
18:06:07.0109 3496	MBR partitions:
18:06:07.0109 3496	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
18:06:07.0109 3496	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1869E598, BlocksNum 0x21CE66A9
18:06:07.0109 3496	============================================================
18:06:07.0125 3496	C: <-> \Device\Harddisk0\DR0\Partition0
18:06:07.0156 3496	D: <-> \Device\Harddisk0\DR0\Partition1
18:06:07.0156 3496	============================================================
18:06:07.0156 3496	Initialize success
18:06:07.0156 3496	============================================================
18:07:26.0453 1428	============================================================
18:07:26.0453 1428	Scan started
18:07:26.0453 1428	Mode: Manual; SigCheck; TDLFS; 
18:07:26.0453 1428	============================================================
18:07:26.0921 1428	Abiosdsk - ok
18:07:26.0921 1428	abp480n5 - ok
18:07:26.0953 1428	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:28.0265 1428	ACPI - ok
18:07:28.0281 1428	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:07:28.0390 1428	ACPIEC - ok
18:07:28.0453 1428	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:07:28.0468 1428	AdobeFlashPlayerUpdateSvc - ok
18:07:28.0468 1428	adpu160m - ok
18:07:28.0484 1428	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:07:28.0562 1428	aec - ok
18:07:28.0593 1428	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:07:28.0640 1428	AFD - ok
18:07:28.0640 1428	Aha154x - ok
18:07:28.0640 1428	aic78u2 - ok
18:07:28.0640 1428	aic78xx - ok
18:07:28.0671 1428	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
18:07:28.0750 1428	Alerter - ok
18:07:28.0765 1428	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
18:07:28.0828 1428	ALG - ok
18:07:28.0828 1428	AliIde - ok
18:07:28.0828 1428	amsint - ok
18:07:28.0890 1428	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:28.0906 1428	Apple Mobile Device - ok
18:07:28.0937 1428	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
18:07:29.0015 1428	AppMgmt - ok
18:07:29.0031 1428	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:07:29.0093 1428	Arp1394 - ok
18:07:29.0109 1428	asc - ok
18:07:29.0109 1428	asc3350p - ok
18:07:29.0109 1428	asc3550 - ok
18:07:29.0171 1428	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:07:29.0218 1428	aspnet_state - ok
18:07:29.0234 1428	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:07:29.0296 1428	AsyncMac - ok
18:07:29.0312 1428	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:07:29.0390 1428	atapi - ok
18:07:29.0421 1428	AtcL001         (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
18:07:29.0437 1428	AtcL001 - ok
18:07:29.0437 1428	Atdisk - ok
18:07:29.0500 1428	Ati HotKey Poller (43c1105ca8492931b45f1a090fa562c8) C:\WINDOWS\system32\Ati2evxx.exe
18:07:29.0546 1428	Ati HotKey Poller - ok
18:07:29.0765 1428	ati2mtag        (c026951271d59ff97deb2a6b4895b416) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:07:29.0859 1428	ati2mtag - ok
18:07:29.0953 1428	AtiHdmiService  (1cae756c8baefb2b25964baa639fdd5c) C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:07:30.0000 1428	AtiHdmiService - ok
18:07:30.0031 1428	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:07:30.0093 1428	Atmarpc - ok
18:07:30.0171 1428	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
18:07:30.0312 1428	AudioSrv - ok
18:07:30.0343 1428	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:07:30.0406 1428	audstub - ok
18:07:30.0437 1428	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:07:30.0500 1428	Beep - ok
18:07:30.0562 1428	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
18:07:30.0734 1428	BITS - ok
18:07:30.0812 1428	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
18:07:30.0828 1428	Bonjour Service - ok
18:07:30.0843 1428	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
18:07:30.0921 1428	Browser - ok
18:07:30.0937 1428	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:07:31.0015 1428	cbidf2k - ok
18:07:31.0046 1428	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:07:31.0109 1428	CCDECODE - ok
18:07:31.0109 1428	cd20xrnt - ok
18:07:31.0125 1428	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:07:31.0203 1428	Cdaudio - ok
18:07:31.0203 1428	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:07:31.0265 1428	Cdfs - ok
18:07:31.0281 1428	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:07:31.0359 1428	Cdrom - ok
18:07:31.0359 1428	Changer - ok
18:07:31.0375 1428	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
18:07:31.0453 1428	CiSvc - ok
18:07:31.0468 1428	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
18:07:31.0531 1428	ClipSrv - ok
18:07:31.0593 1428	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:31.0703 1428	clr_optimization_v2.0.50727_32 - ok
18:07:31.0703 1428	CmdIde - ok
18:07:31.0703 1428	COMSysApp - ok
18:07:31.0718 1428	Cpqarray - ok
18:07:31.0718 1428	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
18:07:31.0796 1428	CryptSvc - ok
18:07:31.0796 1428	dac2w2k - ok
18:07:31.0796 1428	dac960nt - ok
18:07:31.0828 1428	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:07:31.0875 1428	DcomLaunch - ok
18:07:31.0906 1428	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
18:07:31.0984 1428	Dhcp - ok
18:07:32.0000 1428	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:07:32.0078 1428	Disk - ok
18:07:32.0078 1428	dmadmin - ok
18:07:32.0140 1428	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:07:32.0234 1428	dmboot - ok
18:07:32.0234 1428	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:07:32.0312 1428	dmio - ok
18:07:32.0343 1428	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:07:32.0406 1428	dmload - ok
18:07:32.0500 1428	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
18:07:32.0578 1428	dmserver - ok
18:07:32.0578 1428	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:07:32.0640 1428	DMusic - ok
18:07:32.0671 1428	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
18:07:32.0718 1428	Dnscache - ok
18:07:32.0750 1428	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
18:07:32.0812 1428	Dot3svc - ok
18:07:32.0812 1428	dpti2o - ok
18:07:32.0843 1428	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:07:32.0906 1428	drmkaud - ok
18:07:32.0921 1428	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
18:07:33.0000 1428	EapHost - ok
18:07:33.0031 1428	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
18:07:33.0109 1428	ERSvc - ok
18:07:33.0140 1428	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:07:33.0156 1428	Eventlog - ok
18:07:33.0203 1428	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
18:07:33.0234 1428	EventSystem - ok
18:07:33.0250 1428	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:07:33.0328 1428	Fastfat - ok
18:07:33.0359 1428	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:07:33.0390 1428	FastUserSwitchingCompatibility - ok
18:07:33.0406 1428	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:07:33.0468 1428	Fdc - ok
18:07:33.0468 1428	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:07:33.0531 1428	Fips - ok
18:07:33.0546 1428	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:07:33.0625 1428	Flpydisk - ok
18:07:33.0640 1428	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:07:33.0703 1428	FltMgr - ok
18:07:33.0796 1428	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:07:33.0796 1428	FontCache3.0.0.0 - ok
18:07:33.0812 1428	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:07:33.0890 1428	Fs_Rec - ok
18:07:33.0906 1428	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:07:33.0984 1428	Ftdisk - ok
18:07:34.0015 1428	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:07:34.0015 1428	GEARAspiWDM - ok
18:07:34.0046 1428	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:07:34.0109 1428	Gpc - ok
18:07:34.0140 1428	GTNDIS5         (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
18:07:34.0140 1428	GTNDIS5 ( UnsignedFile.Multi.Generic ) - warning
18:07:34.0140 1428	GTNDIS5 - detected UnsignedFile.Multi.Generic (1)
18:07:34.0218 1428	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
18:07:34.0234 1428	gupdate - ok
18:07:34.0234 1428	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
18:07:34.0234 1428	gupdatem - ok
18:07:34.0281 1428	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
18:07:34.0281 1428	gusvc - ok
18:07:34.0312 1428	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:07:34.0375 1428	HDAudBus - ok
18:07:34.0421 1428	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:07:34.0500 1428	helpsvc - ok
18:07:34.0531 1428	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
18:07:34.0609 1428	HidServ - ok
18:07:34.0609 1428	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:07:34.0671 1428	hidusb - ok
18:07:34.0703 1428	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
18:07:34.0781 1428	hkmsvc - ok
18:07:34.0828 1428	HP Port Resolver (c5f00d15aa15cb7f55a027ff75e44bb7) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
18:07:34.0875 1428	HP Port Resolver - ok
18:07:34.0890 1428	HP Status Server (c5a288e4ceef5a26d105117baa3763ab) C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
18:07:34.0921 1428	HP Status Server - ok
18:07:34.0921 1428	hpn - ok
18:07:34.0968 1428	HTCAND32        (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
18:07:35.0000 1428	HTCAND32 - ok
18:07:35.0015 1428	htcnprot        (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
18:07:35.0046 1428	htcnprot - ok
18:07:35.0078 1428	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:07:35.0109 1428	HTTP - ok
18:07:35.0125 1428	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
18:07:35.0187 1428	HTTPFilter - ok
18:07:35.0187 1428	i2omgmt - ok
18:07:35.0203 1428	i2omp - ok
18:07:35.0218 1428	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:07:35.0296 1428	i8042prt - ok
18:07:35.0390 1428	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:07:35.0421 1428	idsvc - ok
18:07:35.0453 1428	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:07:35.0531 1428	Imapi - ok
18:07:35.0562 1428	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
18:07:35.0640 1428	ImapiService - ok
18:07:35.0640 1428	ini910u - ok
18:07:35.0828 1428	IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:07:35.0968 1428	IntcAzAudAddService - ok
18:07:36.0031 1428	IntelIde - ok
18:07:36.0062 1428	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:07:36.0125 1428	intelppm - ok
18:07:36.0156 1428	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:07:36.0218 1428	Ip6Fw - ok
18:07:36.0250 1428	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:07:36.0328 1428	IpFilterDriver - ok
18:07:36.0343 1428	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:07:36.0421 1428	IpInIp - ok
18:07:36.0437 1428	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:07:36.0515 1428	IpNat - ok
18:07:36.0593 1428	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
18:07:36.0625 1428	iPod Service - ok
18:07:36.0625 1428	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:07:36.0703 1428	IPSec - ok
18:07:36.0718 1428	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:07:36.0796 1428	IRENUM - ok
18:07:36.0812 1428	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:07:36.0875 1428	isapnp - ok
18:07:36.0953 1428	JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Programme\Java\jre6\bin\jqs.exe
18:07:36.0968 1428	JavaQuickStarterService - ok
18:07:36.0984 1428	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:07:37.0046 1428	Kbdclass - ok
18:07:37.0062 1428	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:07:37.0125 1428	kbdhid - ok
18:07:37.0156 1428	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:07:37.0218 1428	kmixer - ok
18:07:37.0234 1428	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:07:37.0312 1428	KSecDD - ok
18:07:37.0328 1428	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
18:07:37.0343 1428	lanmanserver - ok
18:07:37.0390 1428	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
18:07:37.0406 1428	lanmanworkstation - ok
18:07:37.0406 1428	lbrtfdc - ok
18:07:37.0421 1428	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
18:07:37.0484 1428	LmHosts - ok
18:07:37.0500 1428	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
18:07:37.0578 1428	Messenger - ok
18:07:37.0640 1428	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
18:07:37.0656 1428	Microsoft Office Groove Audit Service - ok
18:07:37.0687 1428	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:07:37.0750 1428	mnmdd - ok
18:07:37.0781 1428	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
18:07:37.0843 1428	mnmsrvc - ok
18:07:37.0890 1428	mod7700         (cca3c610519e98e9eb99ce137f7a4105) C:\WINDOWS\system32\Drivers\dvb7700all.sys
18:07:37.0937 1428	mod7700 - ok
18:07:37.0953 1428	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:07:38.0031 1428	Modem - ok
18:07:38.0046 1428	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:07:38.0125 1428	Mouclass - ok
18:07:38.0140 1428	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:07:38.0218 1428	mouhid - ok
18:07:38.0234 1428	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:07:38.0296 1428	MountMgr - ok
18:07:38.0296 1428	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
18:07:38.0375 1428	MPE - ok
18:07:38.0375 1428	mraid35x - ok
18:07:38.0390 1428	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:07:38.0453 1428	MRxDAV - ok
18:07:38.0484 1428	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:07:38.0531 1428	MRxSmb - ok
18:07:38.0562 1428	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
18:07:38.0625 1428	MSDTC - ok
18:07:38.0625 1428	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:07:38.0687 1428	Msfs - ok
18:07:38.0687 1428	MSIServer - ok
18:07:38.0703 1428	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:07:38.0765 1428	MSKSSRV - ok
18:07:38.0781 1428	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:07:38.0843 1428	MSPCLOCK - ok
18:07:38.0843 1428	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:07:38.0921 1428	MSPQM - ok
18:07:38.0937 1428	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:07:39.0000 1428	mssmbios - ok
18:07:39.0015 1428	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:07:39.0078 1428	MSTEE - ok
18:07:39.0109 1428	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:07:39.0125 1428	MTsensor - ok
18:07:39.0156 1428	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:07:39.0156 1428	Mup - ok
18:07:39.0171 1428	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:07:39.0250 1428	NABTSFEC - ok
18:07:39.0281 1428	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
18:07:39.0359 1428	napagent - ok
18:07:39.0375 1428	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:07:39.0453 1428	NDIS - ok
18:07:39.0468 1428	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:07:39.0531 1428	NdisIP - ok
18:07:39.0546 1428	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:07:39.0578 1428	NdisTapi - ok
18:07:39.0593 1428	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:07:39.0671 1428	Ndisuio - ok
18:07:39.0687 1428	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:39.0765 1428	NdisWan - ok
18:07:39.0781 1428	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:07:39.0796 1428	NDProxy - ok
18:07:39.0796 1428	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:07:39.0875 1428	NetBIOS - ok
18:07:39.0890 1428	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:07:39.0968 1428	NetBT - ok
18:07:40.0000 1428	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:07:40.0062 1428	NetDDE - ok
18:07:40.0062 1428	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:07:40.0125 1428	NetDDEdsdm - ok
18:07:40.0156 1428	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:40.0218 1428	Netlogon - ok
18:07:40.0218 1428	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
18:07:40.0281 1428	Netman - ok
18:07:40.0343 1428	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:07:40.0343 1428	NetTcpPortSharing - ok
18:07:40.0359 1428	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:07:40.0421 1428	NIC1394 - ok
18:07:40.0453 1428	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
18:07:40.0468 1428	Nla - ok
18:07:40.0500 1428	NMIndexingService - ok
18:07:40.0500 1428	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:07:40.0562 1428	Npfs - ok
18:07:40.0609 1428	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:40.0687 1428	Ntfs - ok
18:07:40.0687 1428	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:40.0750 1428	NtLmSsp - ok
18:07:40.0781 1428	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
18:07:40.0859 1428	NtmsSvc - ok
18:07:40.0890 1428	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:07:40.0968 1428	Null - ok
18:07:40.0984 1428	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:07:41.0046 1428	NwlnkFlt - ok
18:07:41.0078 1428	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:07:41.0156 1428	NwlnkFwd - ok
18:07:41.0218 1428	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
18:07:41.0234 1428	odserv - ok
18:07:41.0250 1428	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:07:41.0328 1428	ohci1394 - ok
18:07:41.0359 1428	ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:07:41.0375 1428	ose - ok
18:07:41.0390 1428	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
18:07:41.0453 1428	Parport - ok
18:07:41.0468 1428	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:07:41.0546 1428	PartMgr - ok
18:07:41.0562 1428	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:07:41.0625 1428	ParVdm - ok
18:07:41.0671 1428	PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
18:07:41.0687 1428	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
18:07:41.0687 1428	PassThru Service - detected UnsignedFile.Multi.Generic (1)
18:07:41.0687 1428	PCASp50 - ok
18:07:41.0718 1428	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18:07:41.0734 1428	pccsmcfd - ok
18:07:41.0750 1428	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:07:41.0828 1428	PCI - ok
18:07:41.0828 1428	PCIDump - ok
18:07:41.0843 1428	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:07:41.0906 1428	PCIIde - ok
18:07:41.0921 1428	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:07:41.0984 1428	Pcmcia - ok
18:07:42.0000 1428	PDCOMP - ok
18:07:42.0000 1428	PDFRAME - ok
18:07:42.0000 1428	PDRELI - ok
18:07:42.0000 1428	PDRFRAME - ok
18:07:42.0000 1428	perc2 - ok
18:07:42.0000 1428	perc2hib - ok
18:07:42.0031 1428	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:07:42.0046 1428	PlugPlay - ok
18:07:42.0062 1428	Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
18:07:42.0093 1428	Pml Driver HPZ12 - ok
18:07:42.0109 1428	PnkBstrA        (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
18:07:42.0109 1428	PnkBstrA - ok
18:07:42.0125 1428	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:42.0187 1428	PolicyAgent - ok
18:07:42.0203 1428	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:07:42.0281 1428	PptpMiniport - ok
18:07:42.0281 1428	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:42.0343 1428	ProtectedStorage - ok
18:07:42.0343 1428	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:07:42.0421 1428	PSched - ok
18:07:42.0453 1428	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:07:42.0515 1428	Ptilink - ok
18:07:42.0531 1428	PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:07:42.0546 1428	PxHelp20 - ok
18:07:42.0546 1428	ql1080 - ok
18:07:42.0562 1428	Ql10wnt - ok
18:07:42.0562 1428	ql12160 - ok
18:07:42.0562 1428	ql1240 - ok
18:07:42.0562 1428	ql1280 - ok
18:07:42.0578 1428	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:07:42.0640 1428	RasAcd - ok
18:07:42.0656 1428	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
18:07:42.0718 1428	RasAuto - ok
18:07:42.0734 1428	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:07:42.0796 1428	Rasl2tp - ok
18:07:42.0828 1428	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
18:07:42.0906 1428	RasMan - ok
18:07:42.0906 1428	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:07:42.0968 1428	RasPppoe - ok
18:07:42.0984 1428	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:07:43.0062 1428	Raspti - ok
18:07:43.0078 1428	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:07:43.0140 1428	Rdbss - ok
18:07:43.0156 1428	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:07:43.0218 1428	RDPCDD - ok
18:07:43.0234 1428	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:07:43.0296 1428	rdpdr - ok
18:07:43.0328 1428	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:07:43.0375 1428	RDPWD - ok
18:07:43.0390 1428	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
18:07:43.0468 1428	RDSessMgr - ok
18:07:43.0468 1428	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:07:43.0546 1428	redbook - ok
18:07:43.0562 1428	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
18:07:43.0625 1428	RemoteAccess - ok
18:07:43.0640 1428	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
18:07:43.0703 1428	RemoteRegistry - ok
18:07:43.0718 1428	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
18:07:43.0781 1428	RpcLocator - ok
18:07:43.0828 1428	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:07:43.0843 1428	RpcSs - ok
18:07:43.0875 1428	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
18:07:43.0953 1428	RSVP - ok
18:07:43.0984 1428	RT2500          (e2988349fe0567cbe4161cc653575a8e) C:\WINDOWS\system32\DRIVERS\RT2500.sys
18:07:44.0015 1428	RT2500 - ok
18:07:44.0078 1428	RTL8192su       (e598def689b7f137d478c2d2a65c6998) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
18:07:44.0093 1428	RTL8192su ( UnsignedFile.Multi.Generic ) - warning
18:07:44.0093 1428	RTL8192su - detected UnsignedFile.Multi.Generic (1)
18:07:44.0109 1428	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:44.0171 1428	SamSs - ok
18:07:44.0203 1428	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
18:07:44.0281 1428	SCardSvr - ok
18:07:44.0312 1428	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
18:07:44.0375 1428	Schedule - ok
18:07:44.0406 1428	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:07:44.0468 1428	Secdrv - ok
18:07:44.0484 1428	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
18:07:44.0546 1428	seclogon - ok
18:07:44.0562 1428	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
18:07:44.0640 1428	SENS - ok
18:07:44.0656 1428	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:07:44.0734 1428	serenum - ok
18:07:44.0750 1428	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
18:07:44.0812 1428	Serial - ok
18:07:44.0906 1428	ServiceLayer    (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
18:07:44.0937 1428	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
18:07:44.0937 1428	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
18:07:44.0937 1428	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:07:45.0015 1428	Sfloppy - ok
18:07:45.0031 1428	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
18:07:45.0109 1428	SharedAccess - ok
18:07:45.0156 1428	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:07:45.0156 1428	ShellHWDetection - ok
18:07:45.0156 1428	Simbad - ok
18:07:45.0234 1428	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Programme\Skype\Updater\Updater.exe
18:07:45.0234 1428	SkypeUpdate - ok
18:07:45.0250 1428	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:07:45.0328 1428	SLIP - ok
18:07:45.0328 1428	Sparrow - ok
18:07:45.0343 1428	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:07:45.0421 1428	splitter - ok
18:07:45.0453 1428	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:07:45.0468 1428	Spooler - ok
18:07:45.0468 1428	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
18:07:45.0531 1428	sr - ok
18:07:45.0578 1428	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
18:07:45.0640 1428	srservice - ok
18:07:45.0656 1428	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:07:45.0703 1428	Srv - ok
18:07:45.0718 1428	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
18:07:45.0796 1428	SSDPSRV - ok
18:07:45.0828 1428	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
18:07:45.0890 1428	stisvc - ok
18:07:45.0906 1428	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:07:45.0984 1428	streamip - ok
18:07:46.0015 1428	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:07:46.0078 1428	swenum - ok
18:07:46.0109 1428	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:07:46.0171 1428	swmidi - ok
18:07:46.0171 1428	SwPrv - ok
18:07:46.0171 1428	symc810 - ok
18:07:46.0171 1428	symc8xx - ok
18:07:46.0187 1428	sym_hi - ok
18:07:46.0187 1428	sym_u3 - ok
18:07:46.0187 1428	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:07:46.0250 1428	sysaudio - ok
18:07:46.0281 1428	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
18:07:46.0343 1428	SysmonLog - ok
18:07:46.0375 1428	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
18:07:46.0437 1428	TapiSrv - ok
18:07:46.0484 1428	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:07:46.0515 1428	Tcpip - ok
18:07:46.0531 1428	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:07:46.0593 1428	TDPIPE - ok
18:07:46.0609 1428	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:07:46.0671 1428	TDTCP - ok
18:07:46.0687 1428	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:07:46.0750 1428	TermDD - ok
18:07:46.0781 1428	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
18:07:46.0859 1428	TermService - ok
18:07:46.0875 1428	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:07:46.0890 1428	Themes - ok
18:07:46.0906 1428	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
18:07:46.0968 1428	TlntSvr - ok
18:07:46.0968 1428	TosIde - ok
18:07:47.0000 1428	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
18:07:47.0062 1428	TrkWks - ok
18:07:47.0078 1428	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:07:47.0140 1428	Udfs - ok
18:07:47.0156 1428	ultra - ok
18:07:47.0187 1428	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:07:47.0281 1428	Update - ok
18:07:47.0296 1428	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
18:07:47.0375 1428	upnphost - ok
18:07:47.0375 1428	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
18:07:47.0437 1428	UPS - ok
18:07:47.0468 1428	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:07:47.0484 1428	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:07:47.0484 1428	USBAAPL - detected UnsignedFile.Multi.Generic (1)
18:07:47.0500 1428	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:07:47.0562 1428	usbaudio - ok
18:07:47.0578 1428	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:07:47.0640 1428	usbccgp - ok
18:07:47.0656 1428	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:07:47.0718 1428	usbehci - ok
18:07:47.0734 1428	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:07:47.0796 1428	usbhub - ok
18:07:47.0812 1428	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:07:47.0875 1428	usbprint - ok
18:07:47.0875 1428	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:07:47.0937 1428	USBSTOR - ok
18:07:47.0937 1428	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:07:48.0000 1428	usbuhci - ok
18:07:48.0015 1428	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:07:48.0078 1428	VgaSave - ok
18:07:48.0078 1428	ViaIde - ok
18:07:48.0078 1428	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
18:07:48.0140 1428	VolSnap - ok
18:07:48.0171 1428	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
18:07:48.0234 1428	VSS - ok
18:07:48.0250 1428	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
18:07:48.0312 1428	W32Time - ok
18:07:48.0312 1428	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:07:48.0375 1428	Wanarp - ok
18:07:48.0421 1428	Wdf01000        (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:07:48.0437 1428	Wdf01000 - ok
18:07:48.0437 1428	WDICA - ok
18:07:48.0468 1428	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:07:48.0546 1428	wdmaud - ok
18:07:48.0562 1428	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
18:07:48.0640 1428	WebClient - ok
18:07:48.0687 1428	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:07:48.0765 1428	winmgmt - ok
18:07:48.0796 1428	WLNdis50        (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
18:07:48.0796 1428	WLNdis50 ( UnsignedFile.Multi.Generic ) - warning
18:07:48.0796 1428	WLNdis50 - detected UnsignedFile.Multi.Generic (1)
18:07:48.0843 1428	WLSVC           (5bf6d377d3c277a3a174cafae32e5831) C:\Programme\TRENDnet\TEW-648UB\WLSVC.exe
18:07:48.0843 1428	WLSVC ( UnsignedFile.Multi.Generic ) - warning
18:07:48.0843 1428	WLSVC - detected UnsignedFile.Multi.Generic (1)
18:07:48.0875 1428	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:07:48.0906 1428	WmdmPmSN - ok
18:07:48.0968 1428	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
18:07:49.0000 1428	Wmi - ok
18:07:49.0015 1428	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:07:49.0078 1428	WmiApSrv - ok
18:07:49.0109 1428	WMP54Gv4SVC     (ccfdecd6060ea8eb0f8466782a97ff21) C:\Programme\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
18:07:49.0109 1428	WMP54Gv4SVC ( UnsignedFile.Multi.Generic ) - warning
18:07:49.0109 1428	WMP54Gv4SVC - detected UnsignedFile.Multi.Generic (1)
18:07:49.0203 1428	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
18:07:49.0234 1428	WMPNetworkSvc - ok
18:07:49.0265 1428	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
18:07:49.0328 1428	wscsvc - ok
18:07:49.0375 1428	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:07:49.0437 1428	WSTCODEC - ok
18:07:49.0453 1428	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
18:07:49.0531 1428	wuauserv - ok
18:07:49.0562 1428	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:07:49.0578 1428	WudfPf - ok
18:07:49.0593 1428	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:07:49.0687 1428	WudfSvc - ok
18:07:49.0734 1428	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
18:07:49.0812 1428	WZCSVC - ok
18:07:49.0828 1428	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
18:07:49.0921 1428	xmlprov - ok
18:07:49.0937 1428	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
18:07:50.0328 1428	\Device\Harddisk0\DR0 - ok
18:07:50.0328 1428	Boot (0x1200)   (315e1a3b42c58005eaea7dc89de19bb9) \Device\Harddisk0\DR0\Partition0
18:07:50.0328 1428	\Device\Harddisk0\DR0\Partition0 - ok
18:07:50.0343 1428	Boot (0x1200)   (9df2de385d126668114fdc2454f51165) \Device\Harddisk0\DR0\Partition1
18:07:50.0343 1428	\Device\Harddisk0\DR0\Partition1 - ok
18:07:50.0343 1428	============================================================
18:07:50.0343 1428	Scan finished
18:07:50.0343 1428	============================================================
18:07:50.0453 1140	Detected object count: 8
18:07:50.0453 1140	Actual detected object count: 8
18:08:13.0640 1140	GTNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	GTNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	RTL8192su ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	RTL8192su ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	WLNdis50 ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	WLNdis50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	WLSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	WLSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:08:13.0640 1140	WMP54Gv4SVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:13.0640 1140	WMP54Gv4SVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 16.05.2012, 20:57

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

noob77 · 17.05.2012, 13:13

Der ComboFix zeigt mir an, dass sich Norton 360 auf meinem PC befindet und ich den deaktivieren soll.
Nun habe ich das Problem, dass ich Norton nirgens finden kann.
Weder in der Systemsteuerung --> Software noch bei allen Programmen.
Was soll ich nun machen?

cosinus · 17.05.2012, 18:17

Wenn das nicht drauf ist, kannst du diese Meldung ignorieren und einfach weitermachen

noob77 · 17.05.2012, 18:49

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-17.05 - Fleischmann 17.05.2012  19:36:07.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.41.1031.18.3327.2506 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Fleischmann\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Fleischmann\Favoriten\Thumbs.db
c:\dokumente und einstellungen\Fleischmann\Recent\Thumbs.db
c:\dokumente und einstellungen\Fleischmann\WINDOWS
c:\windows\system32\HPZipm12.1
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PASSWORD
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-17 bis 2012-05-17  ))))))))))))))))))))))))))))))
.
.
2012-05-15 16:01 . 2012-05-15 16:01	--------	d-----w-	c:\dokumente und einstellungen\Fleischmann\Anwendungsdaten\Outlook
2012-05-15 16:00 . 2007-11-27 01:24	14640	------w-	c:\windows\system32\spmsgXP_2k3.dll
2012-05-15 15:54 . 2009-06-10 13:49	24576	----a-w-	c:\windows\system32\drivers\ANDROIDUSB.sys
2012-05-15 15:54 . 2009-06-09 11:41	1122664	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2012-05-15 15:54 . 2012-05-15 15:54	--------	d-----w-	c:\programme\Spirent Communications
2012-05-15 15:54 . 2012-05-16 16:14	--------	d-----w-	c:\programme\HTC
2012-05-15 15:54 . 2012-05-15 15:54	--------	d-----w-	c:\programme\Gemeinsame Dateien\Adobe AIR
2012-05-12 10:28 . 2012-05-12 10:28	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-05-12 10:28 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-11 23:40 . 2012-05-11 23:40	--------	d-----w-	c:\programme\ESET
2012-05-11 15:45 . 2012-05-11 15:45	--------	d-----w-	c:\dokumente und einstellungen\Fleischmann\Anwendungsdaten\Malwarebytes
2012-05-11 15:44 . 2012-05-11 15:44	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-05-10 15:24 . 2012-05-10 15:24	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Favoriten
2012-05-09 02:10 . 2012-05-09 02:10	--------	d-----w-	C:\_OTL
2012-05-08 20:15 . 2012-05-10 19:13	--------	d-----w-	c:\windows\system32\NtmsData
2012-05-07 16:18 . 2012-05-07 16:18	--------	d-----w-	c:\dokumente und einstellungen\Administrator
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 19:44 . 2012-04-02 16:26	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-08 19:44 . 2012-01-22 18:16	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2007-10-29 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2007-10-29 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2007-10-29 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2007-10-29 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2007-10-29 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2007-10-29 12:00	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2007-10-29 12:00	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-10-29 12:00	385024	----a-w-	c:\windows\system32\html.iec
2011-05-18 18:25 . 2011-05-18 18:25	142296	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Wireless Configuration Utility.lnk - c:\programme\TRENDnet\TEW-648UB\WlanCU.exe [2010-7-22 368640]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41	49152	----a-w-	c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05	421736	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2008-04-18 18:57	20480	----a-w-	c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12	3872080	----a-w-	c:\programme\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 10:56	39408	----a-w-	c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"N360"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Programme\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Trend\\Clusterball\\Clusterballs.exe"=
"c:\\Programme\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Programme\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Programme\\Steam\\SteamApps\\muesch\\day of defeat source\\hl2.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Steam\\SteamApps\\muesch\\counter-strike source\\hl2.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R2 PassThru Service;Internet Pass-Through Service;c:\programme\HTC\Internet Pass-Through\PassThruSvr.exe [23.03.2012 14:25 87040]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [22.07.2010 14:41 20480]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [18.04.2008 11:20 38656]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [01.02.2010 13:41 135664]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [15.02.2012 14:30 158856]
S2 WLSVC;WLSVC;c:\programme\TRENDnet\TEW-648UB\WLSVC.exe [22.07.2010 14:45 167936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [02.04.2012 18:26 257696]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [01.02.2010 13:41 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [15.05.2012 17:54 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.06.2010 18:01 21248]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [22.07.2010 14:45 587392]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - GTNDIS5
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 19:44]
.
2012-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:57]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-01 11:41]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-01 11:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uInternet Connection Wizard,ShellNext = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = localhost;*.local
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Fleischmann\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Fleischmann\Anwendungsdaten\Mozilla\Firefox\Profiles\hty4jsbx.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-MobiLink Lite - c:\programme\Novatel Wireless\MobiLink\Lite.exe
MSConfigStartUp-NeroFilterCheck - c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
AddRemove-Free Audio CD Burner_is1 - c:\programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Studio_is1 - c:\programme\DVDVideoSoft\Free Studio\unins000.exe
AddRemove-Multicheck-Kurztest - c:\multicheck\DeIsL2.isu
AddRemove-softonic-de3 Toolbar - c:\programme\softonic-de3\uninstall.exe
AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - c:\programme\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\programme\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-17 19:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3604)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Samsung\Samsung PC Studio 7\phonebrowser.dll
c:\programme\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\programme\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\programme\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-17  19:46:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-17 17:46
.
Vor Suchlauf: 9 Verzeichnis(se), 75'904'438'272 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 78'987'145'216 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EB91121197D7D5C7D23EE3DBEC8D90F6

--- --- ---

cosinus · 17.05.2012, 19:12

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

noob77 · 18.05.2012, 16:39

Ich habe jetzt einen Log vom aswMBR und einen Log von osam auf dem Desktop.
Nun versteh ich nicht ganz, wie ich den Log vom awMBR mit dem osam erstellen und posten soll

Mit, [ code ] Text [ /code ] , soll ich ja nicht mehr posten.

cosinus · 19.05.2012, 12:08

Zitat:

Mit, [ code ] Text [ /code ] , soll ich ja nicht mehr posten.

Wie kommst du auf diesen Unsinn?! Natürlich sollst du die Logs in CODE-Tags posten!

noob77 · 19.05.2012, 14:36

Du sagtest:
Bitte nun Logs mit GMER und OSAM erstellen und posten.

Log vom aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-17 20:24:13
-----------------------------
20:24:13.500    OS Version: Windows 5.1.2600 Service Pack 3
20:24:13.500    Number of processors: 2 586 0xF0B
20:24:13.500    ComputerName: PC-FLEISCHMANN  UserName: Fleischmann
20:24:14.062    Initialize success
20:28:05.390    AVAST engine defs: 12051700
20:29:31.343    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
20:29:31.359    Disk 0 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476940MB BusType: 3
20:29:31.375    Disk 0 MBR read successfully
20:29:31.375    Disk 0 MBR scan
20:29:31.390    Disk 0 Windows XP default MBR code
20:29:31.390    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       199996 MB offset 63
20:29:31.421    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       276940 MB offset 409593240
20:29:31.421    Disk 0 scanning sectors +976768065
20:29:31.484    Disk 0 scanning C:\WINDOWS\system32\drivers
20:29:37.718    Service scanning
20:29:46.343    Modules scanning
20:29:53.125    Disk 0 trace - called modules:
20:29:53.125    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:29:53.125    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b181ab8]
20:29:53.125    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8b1a49e8]
20:29:53.125    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-12[0x8b183d98]
20:29:53.625    AVAST engine scan C:\WINDOWS
20:30:10.250    AVAST engine scan C:\WINDOWS\system32
20:32:09.531    AVAST engine scan C:\WINDOWS\system32\drivers
20:32:22.515    AVAST engine scan C:\Dokumente und Einstellungen\Fleischmann
20:58:36.578    AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:59:56.421    Scan finished successfully
21:03:04.906    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Fleischmann\Desktop\MBR.dat"
21:03:04.906    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Fleischmann\Desktop\LOg vom aswMBR.txt"

cosinus · 20.05.2012, 19:43

Zitat:

Du sagtest:
Bitte nun Logs mit GMER und OSAM erstellen und posten.

Und was ist daran nicht zu versehen? Soll ich jetzt jedesmal reinschreiben, dass du die Logs on CODE-Tags zu posten hast?
Was ist denn nun mit OSAM und GMER?

noob77 · 21.05.2012, 19:12

Sorry, ich habe dich missverstanden.
Ich dachte, ich muss mit Hilfe von OSAM oder GMER einen Log vom aswMBR erstellen.

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:05:32 on 21.05.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SamsungConnectionManager" - ? - C:\PROGRA~1\Samsung\SAMSUN~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"GTNDIS5 NDIS Protocol Driver" (GTNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\GTNDIS5.SYS
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter" (RTL8192su) - "Realtek Semiconductor Corporation                           " - C:\WINDOWS\System32\DRIVERS\RTL8192su.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Wireless Lan NDIS Protocol I/O Control" (WLNdis50) - ? - C:\WINDOWS\System32\DRIVERS\wlndis50.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{B062CBE9-07D9-4EA1-A103-3041708C2392} "Samsung Phone Browser" - ? - C:\Programme\Samsung\Samsung PC Studio 7\phonebrowser.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{A40526DD-F152-4C1D-844C-CE668D29B77E} "Shell extension for NTP" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{f955b925-355b-47f5-891f-85576a173ac2} "StructureFilePreview.StructureFileThumbnailExtention" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{85b625bf-db20-4606-850b-5770bdb78771} "StructureFilePreview.StructureFileThumbnailProvider" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Wireless Configuration Utility.lnk" - ? - C:\Programme\TRENDnet\TEW-648UB\WlanCU.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Fleischmann\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /minimized /regrun
"Sonexaavad" - ? - "C:\Dokumente und Einstellungen\Fleischmann\Anwendungsdaten\Vopy\woyly.exe"  (File found, but it contains no detailed information)
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Internet Pass-Through Service" (PassThru Service) - ? - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"NMIndexingService" (NMIndexingService) - ? - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe"  (File not found)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WLSVC" (WLSVC) - ? - C:\Programme\TRENDnet\TEW-648UB\WLSVC.exe
"WMP54Gv4SVC" (WMP54Gv4SVC) - "GEMTEKS" - C:\Programme\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

Nun habe ich ein anderes Problem.
Beim Herunterladen vom GMER öffnet sich eine Seite mit '' Error 404 ( Not found ) ''.
Was nun?

cosinus · 21.05.2012, 20:08

Zitat:

Beim Herunterladen vom GMER öffnet sich eine Seite mit '' Error 404 ( Not found ) ''.

Du klickst auch hier drauf => GMER - Rootkit Detector and Remover

noob77 · 25.05.2012, 19:00

Sobald ich auf den Link klicke, öffnet sich bei mir Google...

cosinus · 25.05.2012, 23:30

Sowas kann eigentlich nur ein DNS-Problem sein

Aus dem Stegreif fallen mir drei mögliche Stellen ein wo man nachschauen muss

1.) Hosts-Datei
2.) DNS-Einstellung auf diesem Rechner
3.) eingestellter DNS-Server auf deinem Router

Ich glaube 3.) ist am wahrscheinlichsten, denn dein Rechner nimmt lt. Log die DNS-Vorgaben die auch in deinem Router hinterlegt sind

Wurde vom Router mal das Adminpasswort geändert?
Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst! Und achte bei EInsatz von WLAN auf sichere Verschlüsselungen!

noob77 · 01.06.2012, 19:08

Soviel ich weiss, wurde das Kennwort des Routers nicht geändert.
Da es nicht mein Router ist, kann bzw. darf ich ihn nicht zurücksetzen und neu konfigurieren.

17.05.2012, 18:17	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows XP vom Suisa Trojaner befallen. Wenn das nicht drauf ist, kannst du diese Meldung ignorieren und einfach weitermachen __________________ Logfiles bitte immer in CODE-Tags posten

Windows XP vom Suisa Trojaner befallen.

Plagegeister aller Art und deren Bekämpfung: Windows XP vom Suisa Trojaner befallen.