GVU Trojan - Windows XP does not start in Safe Mode
05.06.2012, 10:54 | #16
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot. Then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags
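Added example (not code from this thread or from Kaspersky): a small Python parser for the TDSSKiller report format the helper asks for, which lists the objects the tool flagged and separates the generic UnsignedFile.Multi.Generic warnings (the file merely carries no valid digital signature) from any other verdict. The sample report is an excerpt of lines from the report posted later in this thread, plus one constructed detection line to show the other bucket.

```python
"""Parse a Kaspersky TDSSKiller report and triage what it flagged.

Added example for this thread, not code from the forum or from Kaspersky.
The line formats are those of the report (TDSS rootkit removing tool
2.7.36.0) posted later in the thread; SAMPLE_REPORT is an excerpt of its
lines plus one constructed line (marked) to exercise the non-generic path.
"""
import re
from collections import Counter

# "23:28:21.0191 2400 <rest>"  -- timestamp, thread id, then the payload
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>"      -- object located on disk; names may contain spaces
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# "<name> - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# SigCheck verdicts that only say "no valid Authenticode signature".  Unsigned
# third-party drivers and services are common on XP, so this alone is not
# evidence of infection, which is why the helper asks to "skip" everything.
GENERIC_UNSIGNED = {"UnsignedFile.Multi.Generic"}


def parse_report(text):
    """Return {object name: {"md5", "path", "status", "verdict", "count"}}."""
    objects = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, "====" separators, SystemInfo block, etc.
        rest = m.group("rest")
        if (f := FILE_RE.match(rest)):
            objects.setdefault(f["name"], {}).update(md5=f["md5"], path=f["path"])
        elif (d := DETECT_RE.match(rest)):
            objects.setdefault(d["name"], {}).update(
                status="detected", verdict=d["verdict"], count=int(d["count"]))
        elif (o := OK_RE.match(rest)):
            objects.setdefault(o["name"], {}).setdefault("status", "ok")
        # "( UnsignedFile.Multi.Generic ) - warning" lines carry nothing beyond
        # the "detected" line that follows them, so they are deliberately skipped.
    return objects


def flagged(objects):
    """Names of objects the tool reported as detected, in report order."""
    return [n for n, e in objects.items() if e.get("status") == "detected"]


def triage(objects):
    """Split detections into generic unsigned-file warnings and everything else.

    Returns (unsigned, other); only 'other' deserves a closer look.
    """
    unsigned, other = [], []
    for name in flagged(objects):
        bucket = unsigned if objects[name]["verdict"] in GENERIC_UNSIGNED else other
        bucket.append(name)
    return unsigned, other


def verdict_counts(objects):
    """How often each verdict occurs (the kind of figure the '14 found' refers to)."""
    return Counter(e["verdict"] for e in objects.values() if "verdict" in e)


# Excerpt of the report posted in this thread; the last line is constructed.
SAMPLE_REPORT = r"""
23:26:42.0222 3892 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:26:42.0363 3892 ============================================================
23:26:42.0363 3892 OS Version: 5.1.2600 ServicePack: 3.0
23:28:19.0863 2400 Scan started
23:28:19.0863 2400 Mode: Manual; SigCheck; TDLFS;
23:28:20.0191 2400 6to4 (0a724c2235a6db7640ccb0a3c095fc0d) C:\WINDOWS\System32\6to4svc.dll
23:28:21.0082 2400 6to4 - ok
23:28:21.0113 2400 Abiosdsk - ok
23:28:21.0191 2400 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys
23:28:21.0269 2400 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
23:28:21.0269 2400 ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
23:28:25.0129 2400 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:28:25.0144 2400 Apple Mobile Device - ok
23:28:35.0066 2400 CyberLink Media Library Service (7179ca4edb91d2355ec969d6e4c3d705) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
23:28:35.0082 2400 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
23:28:35.0082 2400 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
23:29:30.0000 2400 constructed_svc - detected Constructed.Test.Verdict (1)
"""

if __name__ == "__main__":
    objs = parse_report(SAMPLE_REPORT)
    unsigned, other = triage(objs)
    print("verdicts:", dict(verdict_counts(objs)))
    print("unsigned-file warnings (usually benign):", unsigned)
    print("other detections (look at these first):", other)
```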
11.06.2012, 22:33 | #17
Hi Arne,

sorry that I haven't been in touch for so long, I was abroad for a few days. I ran the tool and it found 14 "threads". I clicked on "Report" and this file came out:
Code:
ATTFilter 23:26:42.0222 3892 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 23:26:42.0363 3892 ============================================================ 23:26:42.0363 3892 Current date / time: 2012/06/11 23:26:42.0363 23:26:42.0363 3892 SystemInfo: 23:26:42.0363 3892 23:26:42.0363 3892 OS Version: 5.1.2600 ServicePack: 3.0 23:26:42.0363 3892 Product type: Workstation 23:26:42.0363 3892 ComputerName: NOTEBOOK_CH 23:26:42.0363 3892 UserName: Hammann 23:26:42.0363 3892 Windows directory: C:\WINDOWS 23:26:42.0363 3892 System windows directory: C:\WINDOWS 23:26:42.0363 3892 Processor architecture: Intel x86 23:26:42.0363 3892 Number of processors: 1 23:26:42.0363 3892 Page size: 0x1000 23:26:42.0363 3892 Boot type: Normal boot 23:26:42.0363 3892 ============================================================ 23:26:44.0769 3892 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 23:26:44.0785 3892 ============================================================ 23:26:44.0785 3892 \Device\Harddisk0\DR0: 23:26:44.0785 3892 MBR partitions: 23:26:44.0785 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3C6CD29 23:26:44.0801 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3C6CDA7, BlocksNum 0xD9A9880 23:26:44.0847 3892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11616666, BlocksNum 0x140245B 23:26:44.0847 3892 ============================================================ 23:26:44.0894 3892 C: <-> \Device\Harddisk0\DR0\Partition0 23:26:44.0926 3892 E: <-> \Device\Harddisk0\DR0\Partition1 23:26:45.0004 3892 ============================================================ 23:26:45.0004 3892 Initialize success 23:26:45.0004 3892 ============================================================ 23:28:19.0863 2400 ============================================================ 23:28:19.0863 2400 Scan 
started 23:28:19.0863 2400 Mode: Manual; SigCheck; TDLFS; 23:28:19.0863 2400 ============================================================ 23:28:20.0191 2400 6to4 (0a724c2235a6db7640ccb0a3c095fc0d) C:\WINDOWS\System32\6to4svc.dll 23:28:21.0082 2400 6to4 - ok 23:28:21.0113 2400 Abiosdsk - ok 23:28:21.0129 2400 abp480n5 - ok 23:28:21.0191 2400 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys 23:28:21.0269 2400 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning 23:28:21.0269 2400 ACEDRV07 - detected UnsignedFile.Multi.Generic (1) 23:28:21.0301 2400 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:28:22.0332 2400 ACPI - ok 23:28:22.0379 2400 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 23:28:22.0613 2400 ACPIEC - ok 23:28:22.0785 2400 AcrSch2Svc (fbc4bdbd3d00e7a83075db95dcd658d4) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe 23:28:22.0832 2400 AcrSch2Svc - ok 23:28:23.0004 2400 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:28:23.0035 2400 AdobeFlashPlayerUpdateSvc - ok 23:28:23.0051 2400 adpu160m - ok 23:28:23.0082 2400 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:28:23.0269 2400 aec - ok 23:28:23.0316 2400 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys 23:28:23.0363 2400 afcdp - ok 23:28:23.0582 2400 afcdpsrv (986a134b1a1770599b7af9354cbb066f) C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe 23:28:23.0722 2400 afcdpsrv - ok 23:28:23.0879 2400 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys 23:28:23.0941 2400 AFD - ok 23:28:23.0941 2400 Aha154x - ok 23:28:23.0957 2400 aic78u2 - ok 23:28:23.0972 2400 aic78xx - ok 23:28:24.0051 2400 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 23:28:24.0238 2400 Alerter - ok 23:28:24.0285 2400 ALG 
(190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 23:28:24.0363 2400 ALG - ok 23:28:24.0379 2400 AliIde - ok 23:28:24.0426 2400 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 23:28:24.0488 2400 AmdK8 - ok 23:28:24.0504 2400 amsint - ok 23:28:24.0535 2400 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys 23:28:24.0847 2400 androidusb - ok 23:28:24.0957 2400 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe 23:28:24.0972 2400 AntiVirSchedulerService - ok 23:28:25.0019 2400 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe 23:28:25.0035 2400 AntiVirService - ok 23:28:25.0129 2400 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:28:25.0144 2400 Apple Mobile Device - ok 23:28:25.0160 2400 AppMgmt - ok 23:28:25.0207 2400 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:28:25.0410 2400 Arp1394 - ok 23:28:25.0441 2400 asc - ok 23:28:25.0441 2400 asc3350p - ok 23:28:25.0457 2400 asc3550 - ok 23:28:25.0504 2400 Aspi32 (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys 23:28:25.0535 2400 Aspi32 ( UnsignedFile.Multi.Generic ) - warning 23:28:25.0535 2400 Aspi32 - detected UnsignedFile.Multi.Generic (1) 23:28:25.0660 2400 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:28:25.0691 2400 aspnet_state - ok 23:28:25.0707 2400 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:28:25.0910 2400 AsyncMac - ok 23:28:25.0941 2400 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 23:28:26.0160 2400 atapi - ok 23:28:26.0176 2400 Atdisk - ok 23:28:26.0238 2400 Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) 
C:\WINDOWS\system32\Ati2evxx.exe 23:28:26.0285 2400 Ati HotKey Poller - ok 23:28:26.0394 2400 ati2mtag (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 23:28:26.0472 2400 ati2mtag - ok 23:28:26.0535 2400 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:28:26.0754 2400 Atmarpc - ok 23:28:26.0785 2400 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 23:28:26.0988 2400 AudioSrv - ok 23:28:27.0035 2400 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:28:27.0254 2400 audstub - ok 23:28:27.0285 2400 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 23:28:27.0301 2400 avgntflt - ok 23:28:27.0332 2400 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 23:28:27.0363 2400 avipbb - ok 23:28:27.0394 2400 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 23:28:27.0410 2400 avkmgr - ok 23:28:27.0441 2400 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys 23:28:27.0457 2400 avmeject ( UnsignedFile.Multi.Generic ) - warning 23:28:27.0457 2400 avmeject - detected UnsignedFile.Multi.Generic (1) 23:28:27.0519 2400 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 23:28:27.0566 2400 BCM43XX - ok 23:28:27.0613 2400 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:28:27.0801 2400 Beep - ok 23:28:27.0879 2400 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 23:28:28.0113 2400 BITS - ok 23:28:28.0238 2400 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe 23:28:28.0269 2400 Bonjour Service - ok 23:28:28.0316 2400 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 23:28:28.0504 2400 Browser - ok 23:28:28.0535 2400 catchme - ok 23:28:28.0582 2400 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) 
C:\WINDOWS\system32\drivers\cbidf2k.sys 23:28:28.0801 2400 cbidf2k - ok 23:28:28.0847 2400 CCALib8 (5753532c476b83119d85aa43b1b10ab3) C:\Programme\Canon\CAL\CALMAIN.exe 23:28:28.0879 2400 CCALib8 ( UnsignedFile.Multi.Generic ) - warning 23:28:28.0879 2400 CCALib8 - detected UnsignedFile.Multi.Generic (1) 23:28:28.0926 2400 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:28:29.0129 2400 CCDECODE - ok 23:28:29.0129 2400 cd20xrnt - ok 23:28:29.0176 2400 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:28:29.0394 2400 Cdaudio - ok 23:28:29.0441 2400 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:28:29.0644 2400 Cdfs - ok 23:28:29.0676 2400 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:28:29.0879 2400 Cdrom - ok 23:28:29.0879 2400 Changer - ok 23:28:29.0926 2400 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 23:28:30.0097 2400 CiSvc - ok 23:28:30.0207 2400 CLCapSvc (ecf866cfd3068b8f7645f8669bb844a8) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe 23:28:30.0222 2400 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning 23:28:30.0222 2400 CLCapSvc - detected UnsignedFile.Multi.Generic (1) 23:28:30.0254 2400 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 23:28:30.0472 2400 ClipSrv - ok 23:28:30.0629 2400 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:28:30.0738 2400 clr_optimization_v2.0.50727_32 - ok 23:28:30.0769 2400 CLSched (936b5db9403e94b365a3aa5a0702dfa8) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe 23:28:30.0785 2400 CLSched ( UnsignedFile.Multi.Generic ) - warning 23:28:30.0785 2400 CLSched - detected UnsignedFile.Multi.Generic (1) 23:28:30.0863 2400 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 23:28:31.0035 2400 CmBatt - ok 
23:28:31.0051 2400 CmdIde - ok 23:28:31.0082 2400 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 23:28:31.0301 2400 Compbatt - ok 23:28:31.0301 2400 COMSysApp - ok 23:28:31.0332 2400 Cpqarray - ok 23:28:31.0660 2400 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 23:28:31.0863 2400 CryptSvc - ok 23:28:31.0941 2400 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys 23:28:31.0972 2400 CVirtA - ok 23:28:34.0129 2400 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Programme\Cisco Systems\VPN Client\cvpnd.exe 23:28:34.0785 2400 CVPND - ok 23:28:34.0926 2400 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 23:28:34.0957 2400 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 23:28:34.0957 2400 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 23:28:35.0066 2400 CyberLink Media Library Service (7179ca4edb91d2355ec969d6e4c3d705) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe 23:28:35.0082 2400 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning 23:28:35.0082 2400 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1) 23:28:35.0082 2400 dac2w2k - ok 23:28:35.0097 2400 dac960nt - ok 23:28:35.0191 2400 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 23:28:35.0269 2400 DcomLaunch - ok 23:28:35.0332 2400 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys 23:28:35.0347 2400 dgderdrv - ok 23:28:35.0410 2400 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 23:28:35.0582 2400 Dhcp - ok 23:28:35.0629 2400 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:28:36.0066 2400 Disk - ok 23:28:36.0066 2400 dmadmin - ok 23:28:36.0488 2400 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 23:28:36.0988 2400 dmboot - ok 23:28:37.0066 2400 dmio 
(53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 23:28:37.0504 2400 dmio - ok 23:28:37.0535 2400 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:28:38.0019 2400 dmload - ok 23:28:38.0051 2400 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 23:28:38.0566 2400 dmserver - ok 23:28:38.0582 2400 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:28:39.0097 2400 DMusic - ok 23:28:39.0176 2400 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys 23:28:39.0254 2400 DNE - ok 23:28:39.0316 2400 Dnscache (4548494812ba3b416d489e0c6af8d643) C:\WINDOWS\System32\dnsrslvr.dll 23:28:39.0535 2400 Dnscache - ok 23:28:39.0644 2400 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 23:28:40.0097 2400 Dot3svc - ok 23:28:40.0097 2400 dpti2o - ok 23:28:40.0144 2400 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:28:40.0488 2400 drmkaud - ok 23:28:40.0504 2400 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 23:28:41.0019 2400 EapHost - ok 23:28:41.0035 2400 ElbyCDFL (6b3e1cb23f35c755d88944769cab3738) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 23:28:41.0285 2400 ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning 23:28:41.0285 2400 ElbyCDFL - detected UnsignedFile.Multi.Generic (1) 23:28:41.0332 2400 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 23:28:41.0363 2400 ElbyCDIO - ok 23:28:41.0394 2400 ElbyDelay (20d3b81663b3dfd5e32b0af8640aaf50) C:\WINDOWS\system32\Drivers\ElbyDelay.sys 23:28:41.0426 2400 ElbyDelay - ok 23:28:41.0457 2400 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 23:28:41.0926 2400 ERSvc - ok 23:28:41.0988 2400 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 23:28:42.0191 2400 Eventlog - ok 23:28:42.0332 2400 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) 
C:\WINDOWS\system32\es.dll 23:28:42.0566 2400 EventSystem - ok 23:28:42.0660 2400 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:28:43.0113 2400 Fastfat - ok 23:28:43.0254 2400 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:28:43.0457 2400 FastUserSwitchingCompatibility - ok 23:28:43.0613 2400 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe 23:28:44.0004 2400 Fax - ok 23:28:44.0051 2400 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 23:28:44.0207 2400 Fdc - ok 23:28:44.0254 2400 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 23:28:44.0269 2400 FilterService - ok 23:28:44.0301 2400 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 23:28:44.0519 2400 Fips - ok 23:28:44.0551 2400 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 23:28:44.0707 2400 Flpydisk - ok 23:28:44.0769 2400 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 23:28:44.0910 2400 FltMgr - ok 23:28:45.0066 2400 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:28:45.0082 2400 FontCache3.0.0.0 - ok 23:28:45.0129 2400 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:28:45.0316 2400 Fs_Rec - ok 23:28:45.0347 2400 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:28:45.0535 2400 Ftdisk - ok 23:28:45.0613 2400 fwlanusbn (161f20685595eddc06c0ea1f1d7bc92b) C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys 23:28:45.0676 2400 fwlanusbn - ok 23:28:45.0691 2400 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 23:28:45.0863 2400 gagp30kx - ok 23:28:45.0910 2400 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 23:28:45.0926 2400 
GEARAspiWDM - ok 23:28:45.0957 2400 GEARSecurity (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\system32\GEARSEC.EXE 23:28:45.0988 2400 GEARSecurity ( UnsignedFile.Multi.Generic ) - warning 23:28:45.0988 2400 GEARSecurity - detected UnsignedFile.Multi.Generic (1) 23:28:46.0004 2400 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:28:46.0222 2400 Gpc - ok 23:28:46.0347 2400 gupdate (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe 23:28:46.0363 2400 gupdate - ok 23:28:46.0363 2400 gupdatem (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe 23:28:46.0394 2400 gupdatem - ok 23:28:46.0441 2400 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:28:46.0629 2400 helpsvc - ok 23:28:46.0660 2400 HidServ - ok 23:28:46.0691 2400 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:28:46.0847 2400 HidUsb - ok 23:28:46.0894 2400 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 23:28:47.0051 2400 hkmsvc - ok 23:28:47.0051 2400 hpn - ok 23:28:47.0113 2400 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 23:28:47.0176 2400 HTTP - ok 23:28:47.0222 2400 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 23:28:47.0551 2400 HTTPFilter - ok 23:28:47.0613 2400 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 23:28:47.0691 2400 hwdatacard - ok 23:28:47.0691 2400 i2omgmt - ok 23:28:47.0722 2400 i2omp - ok 23:28:47.0754 2400 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:28:47.0926 2400 i8042prt - ok 23:28:48.0004 2400 iaStor (bdce6b54e1d7d8399175a83a02274b7a) C:\WINDOWS\system32\drivers\iaStor.sys 23:28:48.0129 2400 iaStor - ok 23:28:48.0316 2400 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 
23:28:48.0379 2400 idsvc - ok 23:28:48.0472 2400 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:28:48.0676 2400 Imapi - ok 23:28:48.0722 2400 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 23:28:48.0863 2400 ImapiService - ok 23:28:48.0879 2400 ini910u - ok 23:28:48.0894 2400 IntelIde - ok 23:28:48.0926 2400 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 23:28:49.0082 2400 Ip6Fw - ok 23:28:49.0129 2400 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:28:49.0285 2400 IpFilterDriver - ok 23:28:49.0301 2400 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:28:49.0535 2400 IpInIp - ok 23:28:49.0597 2400 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:28:49.0769 2400 IpNat - ok 23:28:49.0910 2400 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe 23:28:49.0972 2400 iPod Service - ok 23:28:50.0019 2400 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:28:50.0176 2400 IPSec - ok 23:28:50.0222 2400 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:28:50.0301 2400 IRENUM - ok 23:28:50.0332 2400 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:28:50.0566 2400 isapnp - ok 23:28:50.0691 2400 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 23:28:50.0707 2400 JavaQuickStarterService - ok 23:28:50.0722 2400 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:28:50.0863 2400 Kbdclass - ok 23:28:50.0894 2400 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:28:51.0066 2400 kmixer - ok 23:28:51.0129 2400 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 23:28:51.0207 2400 KSecDD - ok 23:28:51.0269 
2400 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll 23:28:51.0316 2400 lanmanserver - ok 23:28:51.0347 2400 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 23:28:51.0410 2400 lanmanworkstation - ok 23:28:51.0426 2400 lbrtfdc - ok 23:28:51.0472 2400 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 23:28:51.0676 2400 LmHosts - ok 23:28:51.0707 2400 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 23:28:51.0722 2400 lvpopflt - ok 23:28:51.0754 2400 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 23:28:51.0769 2400 LVPr2Mon - ok 23:28:51.0816 2400 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe 23:28:51.0847 2400 LVPrcSrv - ok 23:28:51.0894 2400 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys 23:28:51.0910 2400 LVRS - ok 23:28:52.0410 2400 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 23:28:52.0863 2400 LVUVC - ok 23:28:53.0004 2400 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 23:28:53.0019 2400 MBAMProtector - ok 23:28:53.0144 2400 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 23:28:53.0207 2400 MBAMService - ok 23:28:53.0269 2400 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 23:28:53.0535 2400 Messenger - ok 23:28:53.0551 2400 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 23:28:53.0722 2400 mnmdd - ok 23:28:53.0801 2400 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 23:28:53.0957 2400 mnmsrvc - ok 23:28:53.0988 2400 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 23:28:54.0160 2400 Modem - ok 23:28:54.0191 2400 Mouclass (b24ce8005deab254c0251e15cb71d802) 
C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:28:54.0332 2400 Mouclass - ok 23:28:54.0379 2400 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:28:54.0551 2400 mouhid - ok 23:28:54.0566 2400 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 23:28:54.0707 2400 MountMgr - ok 23:28:54.0754 2400 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:28:54.0769 2400 MozillaMaintenance - ok 23:28:54.0785 2400 mraid35x - ok 23:28:54.0801 2400 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:28:54.0941 2400 MRxDAV - ok 23:28:55.0004 2400 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:28:55.0082 2400 MRxSmb - ok 23:28:55.0113 2400 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 23:28:55.0301 2400 MSDTC - ok 23:28:55.0332 2400 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 23:28:55.0488 2400 Msfs - ok 23:28:55.0504 2400 MSIServer - ok 23:28:55.0535 2400 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:28:55.0660 2400 MSKSSRV - ok 23:28:55.0676 2400 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:28:55.0816 2400 MSPCLOCK - ok 23:28:55.0832 2400 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 23:28:55.0972 2400 MSPQM - ok 23:28:56.0019 2400 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:28:56.0176 2400 mssmbios - ok 23:28:56.0222 2400 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 23:28:56.0363 2400 MSTEE - ok 23:28:56.0410 2400 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 23:28:56.0457 2400 Mup - ok 23:28:56.0472 2400 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:28:56.0644 
2400 NABTSFEC - ok 23:28:56.0722 2400 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 23:28:56.0879 2400 napagent - ok 23:28:56.0926 2400 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 23:28:57.0082 2400 NDIS - ok 23:28:57.0097 2400 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:28:57.0254 2400 NdisIP - ok 23:28:57.0301 2400 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:28:57.0347 2400 NdisTapi - ok 23:28:57.0363 2400 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:28:57.0519 2400 Ndisuio - ok 23:28:57.0566 2400 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:28:57.0722 2400 NdisWan - ok 23:28:57.0754 2400 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 23:28:57.0801 2400 NDProxy - ok 23:28:57.0832 2400 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 23:28:57.0972 2400 NetBIOS - ok 23:28:58.0004 2400 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 23:28:58.0144 2400 NetBT - ok 23:28:58.0191 2400 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 23:28:58.0363 2400 NetDDE - ok 23:28:58.0379 2400 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 23:28:58.0519 2400 NetDDEdsdm - ok 23:28:58.0566 2400 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:28:58.0707 2400 Netlogon - ok 23:28:58.0754 2400 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 23:28:58.0894 2400 Netman - ok 23:28:59.0035 2400 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:28:59.0051 2400 NetTcpPortSharing - ok 23:28:59.0066 2400 nhcAcpi_driver - ok 23:28:59.0066 2400 nhcDriverDevice - ok 
23:28:59.0097 2400 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 23:28:59.0254 2400 NIC1394 - ok 23:28:59.0316 2400 Nla (4aa50627b01c0e9c6b4c6bd3af648f12) C:\WINDOWS\System32\mswsock.dll 23:28:59.0363 2400 Nla - ok 23:28:59.0410 2400 nmwcd (b4e87d4f40c57d036e821bd06db1d1b7) C:\WINDOWS\system32\drivers\ccdcmb.sys 23:28:59.0488 2400 nmwcd - ok 23:28:59.0535 2400 nmwcdc (bee0addf01d62725ddc2cc113d6b374c) C:\WINDOWS\system32\drivers\ccdcmbo.sys 23:28:59.0582 2400 nmwcdc - ok 23:28:59.0613 2400 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 23:28:59.0738 2400 Npfs - ok 23:28:59.0832 2400 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 23:29:00.0019 2400 Ntfs - ok 23:29:00.0082 2400 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:29:00.0207 2400 NtLmSsp - ok 23:29:00.0285 2400 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 23:29:00.0441 2400 NtmsSvc - ok 23:29:00.0519 2400 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 23:29:00.0676 2400 Null - ok 23:29:00.0707 2400 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:29:00.0863 2400 NwlnkFlt - ok 23:29:00.0894 2400 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:29:01.0051 2400 NwlnkFwd - ok 23:29:01.0222 2400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 23:29:01.0269 2400 odserv - ok 23:29:01.0316 2400 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 23:29:01.0457 2400 ohci1394 - ok 23:29:01.0535 2400 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 23:29:01.0551 2400 ose - ok 23:29:01.0597 2400 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 23:29:01.0785 2400 Parport - 
ok 23:29:01.0816 2400 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 23:29:01.0972 2400 PartMgr - ok 23:29:02.0051 2400 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 23:29:02.0222 2400 ParVdm - ok 23:29:02.0238 2400 PCASp50 - ok 23:29:02.0285 2400 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 23:29:02.0441 2400 PCI - ok 23:29:02.0457 2400 PCIDump - ok 23:29:02.0472 2400 PCIIde - ok 23:29:02.0519 2400 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 23:29:02.0691 2400 Pcmcia - ok 23:29:02.0691 2400 PDCOMP - ok 23:29:02.0707 2400 PDFRAME - ok 23:29:02.0722 2400 PDRELI - ok 23:29:02.0722 2400 PDRFRAME - ok 23:29:02.0738 2400 perc2 - ok 23:29:02.0754 2400 perc2hib - ok 23:29:02.0801 2400 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 23:29:02.0816 2400 PlugPlay - ok 23:29:02.0847 2400 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:29:02.0972 2400 PolicyAgent - ok 23:29:03.0019 2400 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:29:03.0176 2400 PptpMiniport - ok 23:29:03.0191 2400 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 23:29:03.0832 2400 Processor - ok 23:29:03.0832 2400 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:29:04.0035 2400 ProtectedStorage - ok 23:29:04.0066 2400 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 23:29:04.0254 2400 PSched - ok 23:29:04.0347 2400 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:29:04.0582 2400 Ptilink - ok 23:29:04.0613 2400 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:29:04.0676 2400 PxHelp20 - ok 23:29:04.0676 2400 ql1080 - ok 23:29:04.0691 2400 Ql10wnt - ok 23:29:04.0707 2400 ql12160 - ok 
23:29:04.0707 2400 ql1240 - ok 23:29:04.0722 2400 ql1280 - ok 23:29:04.0832 2400 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:29:04.0972 2400 RasAcd - ok 23:29:05.0144 2400 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 23:29:05.0332 2400 RasAuto - ok 23:29:05.0597 2400 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:29:05.0816 2400 Rasl2tp - ok 23:29:06.0691 2400 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 23:29:06.0972 2400 RasMan - ok 23:29:07.0238 2400 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:29:07.0426 2400 RasPppoe - ok 23:29:07.0535 2400 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:29:07.0847 2400 Raspti - ok 23:29:08.0551 2400 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:29:08.0754 2400 Rdbss - ok 23:29:08.0879 2400 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:29:09.0035 2400 RDPCDD - ok 23:29:09.0097 2400 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 23:29:09.0144 2400 RDPWD - ok 23:29:09.0176 2400 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 23:29:09.0347 2400 RDSessMgr - ok 23:29:09.0394 2400 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:29:09.0551 2400 redbook - ok 23:29:09.0613 2400 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 23:29:09.0769 2400 RemoteAccess - ok 23:29:09.0801 2400 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 23:29:09.0941 2400 RpcLocator - ok 23:29:10.0004 2400 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 23:29:10.0035 2400 RpcSs - ok 23:29:10.0097 2400 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 23:29:10.0254 2400 RSVP - ok 
23:29:10.0301 2400 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 23:29:10.0363 2400 RTL8023xp - ok 23:29:10.0410 2400 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:29:10.0551 2400 SamSs - ok 23:29:10.0613 2400 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 23:29:10.0769 2400 SCardSvr - ok 23:29:10.0816 2400 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 23:29:10.0972 2400 Schedule - ok 23:29:11.0019 2400 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:29:11.0082 2400 Secdrv - ok 23:29:11.0113 2400 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 23:29:11.0285 2400 seclogon - ok 23:29:11.0332 2400 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 23:29:11.0472 2400 SENS - ok 23:29:11.0535 2400 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys 23:29:11.0582 2400 Ser2pl - ok 23:29:11.0629 2400 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 23:29:11.0785 2400 Serenum - ok 23:29:11.0801 2400 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 23:29:11.0941 2400 Serial - ok 23:29:12.0051 2400 ServiceLayer (78546cd2eca6dd6bdcd4b13048621f88) C:\Programme\PC Connectivity Solution\ServiceLayer.exe 23:29:12.0097 2400 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 23:29:12.0097 2400 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 23:29:12.0191 2400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 23:29:12.0332 2400 Sfloppy - ok 23:29:12.0379 2400 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 23:29:12.0551 2400 SharedAccess - ok 23:29:12.0613 2400 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:29:12.0629 2400 ShellHWDetection - ok 23:29:12.0644 2400 Simbad 
- ok 23:29:12.0691 2400 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\WINDOWS\system32\drivers\SiSRaid2.sys 23:29:12.0738 2400 SiSRaid2 - ok 23:29:12.0769 2400 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:29:12.0926 2400 SLIP - ok 23:29:12.0988 2400 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys 23:29:13.0004 2400 snapman - ok 23:29:13.0019 2400 Sparrow - ok 23:29:13.0066 2400 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:29:13.0207 2400 splitter - ok 23:29:13.0254 2400 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 23:29:13.0285 2400 Spooler - ok 23:29:13.0394 2400 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys 23:29:13.0394 2400 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e 23:29:13.0394 2400 sptd ( LockedFile.Multi.Generic ) - warning 23:29:13.0394 2400 sptd - detected LockedFile.Multi.Generic (1) 23:29:13.0426 2400 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 23:29:13.0519 2400 sr - ok 23:29:13.0551 2400 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 23:29:13.0629 2400 srservice - ok 23:29:13.0691 2400 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 23:29:13.0738 2400 Srv - ok 23:29:13.0785 2400 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys 23:29:13.0847 2400 ssadbus - ok 23:29:13.0894 2400 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys 23:29:13.0957 2400 ssadmdfl - ok 23:29:14.0019 2400 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys 23:29:14.0066 2400 ssadmdm - ok 23:29:14.0113 2400 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys 23:29:14.0144 2400 ssadserd - ok 23:29:14.0191 2400 SSDPSRV 
(4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 23:29:14.0269 2400 SSDPSRV - ok 23:29:14.0316 2400 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 23:29:14.0332 2400 ssmdrv - ok 23:29:14.0441 2400 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 23:29:14.0457 2400 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 23:29:14.0457 2400 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 23:29:14.0519 2400 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 23:29:14.0707 2400 stisvc - ok 23:29:14.0738 2400 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:29:14.0879 2400 streamip - ok 23:29:14.0957 2400 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:29:15.0113 2400 swenum - ok 23:29:15.0144 2400 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:29:15.0301 2400 swmidi - ok 23:29:15.0332 2400 SwPrv - ok 23:29:15.0410 2400 symc810 - ok 23:29:15.0426 2400 symc8xx - ok 23:29:15.0441 2400 sym_hi - ok 23:29:15.0457 2400 sym_u3 - ok 23:29:15.0519 2400 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\WINDOWS\system32\DRIVERS\SynTP.sys 23:29:15.0551 2400 SynTP - ok 23:29:15.0582 2400 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:29:15.0738 2400 sysaudio - ok 23:29:15.0769 2400 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 23:29:15.0941 2400 SysmonLog - ok 23:29:15.0988 2400 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 23:29:16.0144 2400 TapiSrv - ok 23:29:16.0207 2400 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:29:16.0238 2400 Tcpip - ok 23:29:16.0316 2400 Tcpip6 (f4a3c6abe7818b1b53f58fa1adb605cd) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 23:29:16.0363 2400 Tcpip6 - ok 
23:29:16.0394 2400 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:29:16.0551 2400 TDPIPE - ok 23:29:16.0660 2400 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys 23:29:16.0722 2400 tdrpman251 - ok 23:29:16.0754 2400 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:29:16.0910 2400 TDTCP - ok 23:29:16.0957 2400 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:29:17.0082 2400 TermDD - ok 23:29:17.0129 2400 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 23:29:17.0285 2400 TermService - ok 23:29:17.0332 2400 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 23:29:17.0347 2400 Themes - ok 23:29:17.0426 2400 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys 23:29:17.0457 2400 timounter - ok 23:29:17.0472 2400 TosIde - ok 23:29:17.0519 2400 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 23:29:17.0676 2400 TrkWks - ok 23:29:17.0722 2400 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:29:17.0863 2400 Udfs - ok 23:29:17.0879 2400 ultra - ok 23:29:17.0941 2400 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:29:18.0097 2400 Update - ok 23:29:18.0160 2400 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 23:29:18.0238 2400 upnphost - ok 23:29:18.0285 2400 upperdev (f5d2aa9d56a3a01a190d01cd961ba0e7) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 23:29:18.0347 2400 upperdev - ok 23:29:18.0363 2400 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 23:29:18.0535 2400 UPS - ok 23:29:18.0597 2400 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys 23:29:18.0644 2400 USBAAPL - ok 23:29:18.0707 2400 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 
23:29:18.0832 2400 usbaudio - ok 23:29:18.0863 2400 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:29:19.0004 2400 usbccgp - ok 23:29:19.0051 2400 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:29:19.0191 2400 usbehci - ok 23:29:19.0238 2400 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:29:19.0379 2400 usbhub - ok 23:29:19.0410 2400 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:29:19.0566 2400 usbprint - ok 23:29:19.0629 2400 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:29:19.0754 2400 usbscan - ok 23:29:19.0801 2400 UsbserFilt (eb2d3830646e393776e1ef98ac76a43d) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 23:29:19.0863 2400 UsbserFilt - ok 23:29:19.0894 2400 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:29:20.0035 2400 USBSTOR - ok 23:29:20.0066 2400 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:29:20.0191 2400 usbuhci - ok 23:29:20.0222 2400 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 23:29:20.0363 2400 usbvideo - ok 23:29:20.0394 2400 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 23:29:20.0551 2400 usb_rndisx - ok 23:29:20.0597 2400 VClone (e69eb856ba6528d0373000683cc869a8) C:\WINDOWS\system32\DRIVERS\VClone.sys 23:29:20.0613 2400 VClone ( UnsignedFile.Multi.Generic ) - warning 23:29:20.0613 2400 VClone - detected UnsignedFile.Multi.Generic (1) 23:29:20.0629 2400 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:29:20.0769 2400 VgaSave - ok 23:29:20.0785 2400 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 23:29:20.0910 2400 ViaIde - ok 23:29:20.0972 2400 viamraid (6aaa39dd79a8341ce0ef9249f21d6b89) C:\WINDOWS\system32\drivers\viamraid.sys 
23:29:21.0004 2400 viamraid - ok 23:29:21.0051 2400 VIAudio (7f1223060b10ad566b4f5b10b7db9b6c) C:\WINDOWS\system32\drivers\vinyl97.sys 23:29:21.0082 2400 VIAudio - ok 23:29:21.0113 2400 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 23:29:21.0254 2400 VolSnap - ok 23:29:21.0316 2400 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys 23:29:21.0347 2400 vsdatant - ok 23:29:21.0394 2400 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 23:29:21.0472 2400 VSS - ok 23:29:21.0629 2400 vvdsvc (9e8c7a7b8a98e4f6ccbbf9f88a1c111f) C:\WINDOWS\system32\nagasoft\vjocx.dll 23:29:21.0722 2400 vvdsvc - ok 23:29:21.0894 2400 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 23:29:22.0066 2400 W32Time - ok 23:29:22.0129 2400 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:29:22.0254 2400 Wanarp - ok 23:29:22.0285 2400 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys 23:29:22.0316 2400 WDC_SAM - ok 23:29:22.0379 2400 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 23:29:22.0410 2400 Wdf01000 - ok 23:29:22.0426 2400 WDICA - ok 23:29:22.0457 2400 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:29:22.0629 2400 wdmaud - ok 23:29:22.0660 2400 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 23:29:22.0816 2400 WebClient - ok 23:29:22.0894 2400 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 23:29:23.0051 2400 winmgmt - ok 23:29:23.0129 2400 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 23:29:23.0207 2400 WmdmPmSN - ok 23:29:23.0222 2400 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 23:29:23.0379 2400 WmiAcpi - ok 23:29:23.0441 2400 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 
23:29:23.0582 2400 WmiApSrv - ok 23:29:23.0754 2400 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 23:29:23.0816 2400 WMPNetworkSvc - ok 23:29:23.0847 2400 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:29:23.0879 2400 WpdUsb - ok 23:29:23.0910 2400 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 23:29:24.0051 2400 wscsvc - ok 23:29:24.0097 2400 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:29:24.0238 2400 WSTCODEC - ok 23:29:24.0363 2400 WTGService (d7e88349be0f01e4d8d776adb1f325bf) C:\Programme\Verbindungsassistent\WTGService.exe 23:29:24.0394 2400 WTGService - ok 23:29:24.0426 2400 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 23:29:24.0566 2400 wuauserv - ok 23:29:24.0613 2400 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:29:24.0691 2400 WudfPf - ok 23:29:24.0722 2400 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:29:24.0754 2400 WudfRd - ok 23:29:24.0801 2400 WudfSvc (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll 23:29:24.0816 2400 WudfSvc - ok 23:29:24.0894 2400 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 23:29:25.0066 2400 WZCSVC - ok 23:29:25.0113 2400 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 23:29:25.0254 2400 xmlprov - ok 23:29:25.0426 2400 zlportio - ok 23:29:25.0519 2400 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 23:29:26.0191 2400 \Device\Harddisk0\DR0 - ok 23:29:26.0207 2400 Boot (0x1200) (5fb9a182921de21126d928101ada8828) \Device\Harddisk0\DR0\Partition0 23:29:26.0207 2400 \Device\Harddisk0\DR0\Partition0 - ok 23:29:26.0238 2400 Boot (0x1200) (a354910525235eb453f70461b090024b) \Device\Harddisk0\DR0\Partition1 23:29:26.0254 2400 \Device\Harddisk0\DR0\Partition1 - ok 23:29:26.0301 2400 Boot 
(0x1200) (5d15734e3741b276997e91f88cc7409b) \Device\Harddisk0\DR0\Partition2 23:29:26.0301 2400 \Device\Harddisk0\DR0\Partition2 - ok 23:29:26.0301 2400 ============================================================ 23:29:26.0301 2400 Scan finished 23:29:26.0301 2400 ============================================================ 23:29:26.0426 3120 Detected object count: 14 23:29:26.0426 3120 Actual detected object count: 14 23:30:02.0019 3120 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0019 3120 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0019 3120 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0019 3120 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0019 3120 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0019 3120 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0019 3120 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0019 3120 CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0035 3120 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0035 3120 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0035 3120 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0035 3120 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0035 3120 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0035 3120 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0035 3120 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0035 3120 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0035 3120 ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0035 3120 ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0035 3120 GEARSecurity ( UnsignedFile.Multi.Generic ) - 
skipped by user 23:30:02.0035 3120 GEARSecurity ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0051 3120 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0051 3120 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0051 3120 sptd ( LockedFile.Multi.Generic ) - skipped by user 23:30:02.0051 3120 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 23:30:02.0051 3120 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0051 3120 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:30:02.0051 3120 VClone ( UnsignedFile.Multi.Generic ) - skipped by user 23:30:02.0051 3120 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip |
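Added example (written for this edit, not part of the thread and not Kaspersky's code): a small Python triage script for a TDSSKiller report in the format shown above. It pulls the flagged objects out of the log (name, verdict, MD5, path, whether the file was inaccessible), records the action the user chose, and checks that the "Detected object count" lines agree with what was actually listed, so a helper can see at a glance what was flagged and what still awaits a decision. The sample log embedded below is constructed from a few lines of the report above.

```python
"""Triage of a TDSSKiller report (added example; not part of the thread or of the tool)."""
import re
from collections import defaultdict

# Constructed sample in the shape of the report above: two flagged objects,
# one clean driver, the MBR check and the user's "Skip" decisions.
SAMPLE_LOG = r"""
23:29:12.0051 2400 ServiceLayer (78546cd2eca6dd6bdcd4b13048621f88) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
23:29:12.0097 2400 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
23:29:12.0097 2400 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
23:29:12.0191 2400 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:29:12.0332 2400 Sfloppy - ok
23:29:13.0394 2400 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys
23:29:13.0394 2400 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
23:29:13.0394 2400 sptd ( LockedFile.Multi.Generic ) - warning
23:29:13.0394 2400 sptd - detected LockedFile.Multi.Generic (1)
23:29:25.0519 2400 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:29:26.0191 2400 \Device\Harddisk0\DR0 - ok
23:29:26.0426 3120 Detected object count: 2
23:29:26.0426 3120 Actual detected object count: 2
23:30:02.0051 3120 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:02.0051 3120 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:30:02.0051 3120 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:30:02.0051 3120 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "<time> <pid> "; the rest is one of the shapes below.
PREFIX_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


def triage(text):
    """Return the flagged objects, the user's decisions and a count consistency check."""
    objects = {}        # scanned object name -> md5 / path / note (e.g. "NoAccess")
    path_to_name = {}   # lets a "Suspicious file" line be tied back to its object
    detections = {}     # name -> verdict, action and the object details
    counts = {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if (s := SUSPICIOUS_RE.match(rest)):
            name = path_to_name.get(s.group("path"))
            if name:
                objects[name]["note"] = s.group("reason")
            continue
        if (o := OBJECT_RE.match(rest)):
            objects[o.group("name")] = {"md5": o.group("md5"), "path": o.group("path"), "note": None}
            path_to_name[o.group("path")] = o.group("name")
            continue
        if (d := DETECTED_RE.match(rest)):
            info = objects.get(d.group("name"), {"md5": None, "path": None, "note": None})
            detections[d.group("name")] = {"verdict": d.group("verdict"), "action": None, **info}
            continue
        if (a := ACTION_RE.match(rest)):
            if a.group("name") in detections:
                detections[a.group("name")]["action"] = a.group("action")
            continue
        if (c := COUNT_RE.match(rest)):
            counts[c.group("kind")] = int(c.group("n"))
    declared = counts.get("Detected")
    actual = counts.get("Actual detected")
    return {
        "detections": detections,
        "declared_count": declared,
        "actual_count": actual,
        # the tool's own two counts must agree with the number of "detected" lines
        "consistent": declared == actual == len(detections),
        "unactioned": sorted(n for n, d in detections.items() if d["action"] is None),
    }


def by_verdict(summary):
    """Group flagged object names by the scanner's verdict, e.g. UnsignedFile.Multi.Generic."""
    groups = defaultdict(list)
    for name, d in summary["detections"].items():
        groups[d["verdict"]].append(name)
    return {verdict: sorted(names) for verdict, names in sorted(groups.items())}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for verdict, names in by_verdict(summary).items():
        print(verdict)
        for name in names:
            d = summary["detections"][name]
            print(f"  {name:20} action={d['action']} note={d['note']} md5={d['md5']} path={d['path']}")
    print("counts consistent:", summary["consistent"], "awaiting decision:", summary["unactioned"])
```

On the real report this separates the generic "unsigned file" and "locked file" verdicts (which the helper above treats with "skip") from anything more specific, and the MD5 and path per object are what you would look up elsewhere before deciding on a file.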
12.06.2012, 10:49 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Windows XP does not start in Safe Mode Now please run CF:
ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a helper has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
|
12.06.2012, 15:29 | #19 |
| GVU Trojan - Windows XP does not start in Safe Mode So, I ran it and, lo and behold, the desktop icons are back after a restart! The file can apparently only be added as an attachment, and then only zipped, because otherwise it is too large. After opening, Firefox was no longer the default browser, but otherwise everything seems to work normally. |
12.06.2012, 16:25 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Windows XP does not start in Safe Mode ComboFix - Scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now copy and paste the entire content of the code box below into the Notepad window. Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:
Firefox::
FF - ProfilePath - c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\
FF - prefs.js: browser.startup.homepage - http://www.elmundo.es/
FF - prefs.js: keyword.URL - http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer, if present!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix. 6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, since it can permanently damage the system!
Please always post log files in CODE tags |
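Added example (written for this edit; not part of the thread and not ComboFix's own code): the CFScript above tells ComboFix to drop user.js entries that silence Firefox's mixed-content and insecure-form-submission warnings, keep cookies across restarts, and to reset a pinned start page and keyword search URL. The Python script below does the same check read-only: it parses the user_pref() lines of a user.js or prefs.js and reports which of those overrides are present, which is how you would confirm the profile is clean after the script has run. The preference names are real Firefox preferences; the file content embedded here is a constructed sample modelled on the script's entries.

```python
"""Read-only audit of Firefox user.js / prefs.js overrides (added example; not part of the thread or of ComboFix)."""
import re

# user_pref("name", value);  -- the line format shared by user.js and prefs.js
USER_PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);\s*$')

# The preferences the CFScript above removes, paired with the value that weakens the
# browser and a plain-language reason.
WEAKENING_PREFS = {
    "security.warn_viewing_mixed": ("false", "mixed-content warning silenced"),
    "security.warn_viewing_mixed.show_once": ("false", "one-time variant of the mixed-content warning also disabled"),
    "security.warn_submit_insecure": ("false", "no warning when a form is submitted over plain HTTP"),
    "security.warn_submit_insecure.show_once": ("false", "one-time variant of the insecure-submit warning also disabled"),
    "privacy.clearOnShutdown.cookies": ("false", "cookies survive browser restarts"),
    "network.cookie.cookieBehavior": ("0", "all cookies accepted, third-party included"),
}
# Start page and keyword search URL: any pinned value is reported so the reader can judge it.
REDIRECT_PREFS = ("keyword.URL", "browser.startup.homepage")

# Constructed sample modelled on the user.js / prefs.js entries listed in the CFScript above.
SAMPLE_USER_JS = r'''
// comment lines and blank lines are ignored by the parser
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("keyword.URL", "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=");
user_pref("browser.startup.homepage", "http://www.elmundo.es/");
user_pref("app.update.enabled", true);
'''


def parse_prefs(text):
    """Map preference name -> value as written (string values with the quotes stripped)."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and malformed lines are skipped
        value = m.group("value").strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        prefs[m.group("name")] = value
    return prefs


def audit_prefs(prefs):
    """Return (name, value, reason) for every override worth a second look."""
    findings = []
    for name, value in prefs.items():
        if name in WEAKENING_PREFS:
            bad_value, reason = WEAKENING_PREFS[name]
            if value == bad_value:
                findings.append((name, value, reason))
        elif name in REDIRECT_PREFS:
            findings.append((name, value, "start page / search override pinned in the profile"))
    return findings


if __name__ == "__main__":
    for name, value, reason in audit_prefs(parse_prefs(SAMPLE_USER_JS)):
        print(f"{name} = {value}: {reason}")
```

Run it against a profile's user.js (and prefs.js) before and after the ComboFix script: an empty result for the warning-related entries means the overrides are gone; a remaining keyword.URL or start page entry is something to inspect rather than delete automatically, since it may be the user's own choice.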
12.06.2012, 21:47 | #21 |
| GVU Trojan - Windows XP does not start in Safe Mode Here is the log that was created: Code:
ATTFilter ComboFix 12-06-12.01 - Hammann 12.06.2012 20:10:58.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.598 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Hammann\Eigene Dateien\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Hammann\Desktop\CFScript.txt AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Outdated* {00000000-0000-0000-0000-000000000000} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD100-FFA4-00DA-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD408-FFA4-00DA-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD408-FFA4-00EB-0D24-347CA8A3377C} AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD408-FFA4-00FC-0D24-347CA8A3377C} AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-12 bis 2012-06-12 )))))))))))))))))))))))))))))) . . 2012-06-01 13:32 . 2012-06-01 14:12 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-05-21 23:37 . 2012-05-23 09:57 -------- d-----w- C:\MEGA2 2012-05-21 17:10 . 2012-05-21 17:10 -------- d-----w- c:\programme\Alcohol Soft 2012-05-21 07:02 . 2012-05-21 07:02 -------- d-----w- c:\windows\system32\wbem\Repository . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 13:22 . 2005-10-06 18:10 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-21 17:04 . 2006-11-10 12:00 722416 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-05-09 06:08 . 2011-11-02 07:54 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-09 06:08 . 2011-11-02 07:54 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-16 14:31 . 2012-04-06 08:55 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-16 14:31 . 
2011-05-18 11:41 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-11 13:51 . 2004-08-04 00:50 2071424 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2005-10-06 18:10 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 13:51 . 2005-10-06 18:10 2194944 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-03 10:38 . 2009-10-17 02:08 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-04-03 10:38 . 2010-11-28 19:54 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-25 22:57 . 2011-05-06 15:15 97208 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll 2009-10-31 10:08 207808 --sh--r- c:\windows\system32\prapproxy32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-30 203928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2006-03-30 14:45 313472 ----a-r- c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\CyberLink\\PowerCinema\\PowerCinema.exe"= "e:\\Programme\\Age of Empire II\\age2_x1 k.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Programme\\LimeWire 4.2.6 Pro\\LimeWire.exe"= "c:\\Programme\\CuteSoft\\NetSkat\\Netskat.exe"= "e:\\Programme\\Commandos 3 - Destination Berlin\\Commandos3.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "e:\\Programme\\Command and Conquer Generäle\\game.dat"= "e:\\Programme\\Jedi Night- Jedi Academy\\GameData\\jamp.exe"= "c:\\Programme\\PPLive\\PPLive.exe"= "c:\\Programme\\TVAnts\\Tvants.exe"= "c:\\Programme\\PPStream\\PPStream.exe"= "c:\\Programme\\SopCast\\SopCast.exe"= "c:\\Programme\\PPMate\\ppmate.exe"= "c:\\Dokumente und Einstellungen\\Hammann\\Eigene Dateien\\Abischnitt_2007\\PPStream.exe"= "c:\\Programme\\LeechFTP\\Leechftp.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "e:\\Programme\\FIFA 2001\\FIFA2001.ICD"= "c:\\Programme\\TVUPlayer\\TVUPlayer.exe"= "c:\\Programme\\PPStream\\PPSAP.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\VideoLAN\\VLC\\vlc.exe"= "c:\\Programme\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programme\\Java\\jre6\\bin\\java.exe"= "c:\\Programme\\Air Mouse\\Air Mouse\\Air Mouse.exe"= "c:\\Programme\\SparVoip.de\\SparVoip\\SparVoip.exe"= "c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Dokumente und Einstellungen\\Hammann\\Anwendungsdaten\\SopCast\\adv\\SopAdver.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Programme\\SopCast\\adv\\SopAdver.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Logitech\\Vid HD\\Vid.exe"= "c:\\Programme\\Mozilla Firefox\\plugin-container.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= 
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "e:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Veetle\\Player\\VeetleNet.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Dokumente und Einstellungen\\Hammann\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2006 14:00 722416] R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [23.11.2010 05:40 902432] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [02.11.2011 09:54 36000] R2 afcdpsrv;Acronis Nonstop Backup service;c:\programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [23.11.2010 05:41 2326920] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [02.11.2011 09:54 86224] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [22.09.2010 23:01 652360] R2 WTGService;WTGService;c:\programme\Verbindungsassistent\WTGService.exe [03.01.2010 19:01 296400] R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [23.11.2010 05:41 159168] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.09.2010 23:01 20464] S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.07.2009 15:08 133104] S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [06.10.2005 20:10 14336] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06.04.2012 10:55 253088] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [04.01.2012 14:08 30312] S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [26.08.2009 22:07 4352] S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [04.01.2012 13:44 20032] S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [26.08.2009 22:06 440832] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [16.07.2009 15:08 133104] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [26.04.2012 00:58 129976] S3 nhcAcpi_driver;Notebook Hardware Control ACPI Driver;\??\c:\windows\system32\drivers\nhcAcpi.sys --> c:\windows\system32\drivers\nhcAcpi.sys [?] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [04.01.2012 14:08 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [04.01.2012 14:08 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [04.01.2012 14:08 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [04.01.2012 14:08 114280] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [07.11.2010 20:57 11520] S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [06.10.2005 20:10 14336] S3 zlportio;zlportio;\??\e:\programme\Ultrastar\zlportio.sys --> e:\programme\Ultrastar\zlportio.sys [?] . 
--- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - IPHLPSVC *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] vvdsvc REG_MULTI_SZ vvdsvc . Inhalt des "geplante Tasks" Ordners . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:31] . 2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.zdf.de/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab FF - ProfilePath - c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-12 20:20 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1464) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(4084) c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2012-06-12 20:24:46 ComboFix-quarantined-files.txt 2012-06-12 18:24 ComboFix2.txt 2012-06-12 14:17 ComboFix3.txt 2010-10-01 08:24 ComboFix4.txt 2010-09-30 08:46 . Vor Suchlauf: 1.095.163.904 Bytes frei Nach Suchlauf: 1.065.881.600 Bytes frei . - - End Of File - - 27F727369AAC82C5597A25F279C6DF0D |
12.06.2012, 22:48 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Windows XP does not start in Safe Mode Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still refuses to run on the 2nd attempt, simply leave it out and run only OSAM - please skip the online query performed by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
13.06.2012, 09:30 | #23 |
| GVU Trojan - Windows XP does not start in Safe Mode So here is the file from gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-13 10:26:35 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HC rev.LQ100-10 Running: fem0h524.exe; Driver: C:\DOKUME~1\Hammann\LOKALE~1\Temp\kxroqfow.sys ---- System - GMER 1.0.15 ---- SSDT F7BFDE8C ZwClose SSDT F7BFDE46 ZwCreateKey SSDT F7BFDE96 ZwCreateSection SSDT F7BFDE3C ZwCreateThread SSDT F7BFDE4B ZwDeleteKey SSDT F7BFDE55 ZwDeleteValueKey SSDT F7BFDE87 ZwDuplicateObject SSDT spzt.sys ZwEnumerateKey [0xF7379DA4] SSDT spzt.sys ZwEnumerateValueKey [0xF737A132] SSDT F7BFDE5A ZwLoadKey SSDT spzt.sys ZwOpenKey [0xF735B0C0] SSDT F7BFDE28 ZwOpenProcess SSDT F7BFDE2D ZwOpenThread SSDT spzt.sys ZwQueryKey [0xF737A20A] SSDT F7BFDEAF ZwQueryValueKey SSDT F7BFDE64 ZwReplaceKey SSDT F7BFDEA0 ZwRequestWaitReplyPort SSDT F7BFDE5F ZwRestoreKey SSDT F7BFDE9B ZwSetContextThread SSDT F7BFDEA5 ZwSetSecurityObject SSDT F7BFDE50 ZwSetValueKey SSDT F7BFDEAA ZwSystemDebugControl SSDT F7BFDE37 ZwTerminateProcess INT 0x62 ? 8756ABF8 INT 0x74 ? 872BFBF8 INT 0x74 ? 872BFBF8 INT 0x74 ? 872BFBF8 INT 0x74 ? 872BFBF8 INT 0x74 ? 872BFBF8 INT 0x74 ? 872BFBF8 INT 0x82 ? 8756ABF8 INT 0xB1 ? 8756DBF8 INT 0xB1 ? 8756DBF8 INT 0xB4 ? 8756DBF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spzt.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload F64B38AC 5 Bytes JMP 872BF1D8 .text a6pfarg8.SYS F6366386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text a6pfarg8.SYS F63663AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text a6pfarg8.SYS F63663C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text a6pfarg8.SYS F63663C9 1 Byte [2E] .text a6pfarg8.SYS F63663C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... ? System32\Drivers\acybl2pt.SYS Das System kann den angegebenen Pfad nicht finden. ! 
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xEBCFB000, 0x328BA, 0xE8000020] .pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xEBD3F000] .relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xEBD5B000, 0x8E, 0x42000040] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F735C042] spzt.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F735C13E] spzt.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F735C0C0] spzt.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F735C800] spzt.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F735C6D6] spzt.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F736BE9C] spzt.sys IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfLowerIrql] 8BEC8B55 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!HalGetInterruptVector] 00C73445 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!HalTranslateBusAddress] 00000000 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!READ_PORT_USHORT] 57B80974 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5 IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D IAT \SystemRoot\System32\Drivers\a6pfarg8.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55 ---- User 
IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C63880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C63930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C63A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C639D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 875D61F8 AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis) Device \Driver\sptd \Device\405503274 spzt.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-0 872BE1F8 Device \Driver\usbuhci \Device\USBPDO-1 872BE1F8 Device \Driver\usbuhci \Device\USBPDO-2 872BE1F8 Device \Driver\usbuhci \Device\USBPDO-3 872BE1F8 Device \Driver\usbehci \Device\USBPDO-4 872D21F8 Device \Driver\PCI_PNP7024 \Device\00000062 spzt.sys Device \Driver\PCI_PNP7024 \Device\00000063 spzt.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8756B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys 
(Acronis Snapshot API/Acronis) Device \Driver\NetBT \Device\NetBT_Tcpip_{CD834581-2D0F-4C28-85BC-3ECC3508D4EE} 86D161F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8756B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom0 872CF1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 872CF1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8756B1F8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom2 872CF1F8 Device \Driver\Cdrom \Device\CdRom3 872CF1F8 Device \Driver\Cdrom \Device\CdRom4 872CF1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86D161F8 Device \Driver\NetBT \Device\NetbiosSmb 86D161F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{FFB665D1-56CF-4497-9200-0665B76BB699} 86D161F8 Device 
\Driver\usbuhci \Device\USBFDO-0 872BE1F8 Device \Driver\usbuhci \Device\USBFDO-1 872BE1F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 868911F8 Device \Driver\usbuhci \Device\USBFDO-2 872BE1F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 868911F8 Device \Driver\usbuhci \Device\USBFDO-3 872BE1F8 Device \Driver\usbehci \Device\USBFDO-4 872D21F8 Device \Driver\Ftdisk \Device\FtControl 8756B1F8 Device \Driver\sptd \Device\405347024 spzt.sys Device \Driver\acybl2pt \Device\Scsi\acybl2pt1 871EA1F8 Device \Driver\a6pfarg8 \Device\Scsi\a6pfarg81 871F9500 Device \Driver\VClone \Device\Scsi\VClone1 875D91F8 Device \Driver\viamraid \Device\Scsi\viamraid1 875691F8 Device \Driver\VClone \Device\Scsi\VClone1Port0Path0Target0Lun0 875D91F8 Device \Driver\a6pfarg8 \Device\Scsi\a6pfarg81Port5Path0Target0Lun0 871F9500 Device \Driver\acybl2pt \Device\Scsi\acybl2pt1Port4Path0Target0Lun0 871EA1F8 Device \Driver\VClone \Device\Scsi\VClone1Port0Path0Target1Lun0 875D91F8 Device \FileSystem\Cdfs \Cdfs 87181500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... 
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0x81 0x38 0x45 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x76 0xB3 0x83 0x9E ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEA 0x14 0xAE 0xD3 ... 
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... 
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1266529610 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 359103737 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0x81 0x38 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x76 0xB3 0x83 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4A 0x94 0x4C 0x14 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x15 0x81 0x38 0x45 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x76 0xB3 0x83 0x9E ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x4A 0x94 0x4C 0x14 ... 
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x86 0x94 0x4A ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0E 0x15 0xBD 0xC8 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x38 0xFF 0x92 0x56 ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:37:30 on 13.06.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 12.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl "TWEAKUI.CPL" - "Brummelchen@gmx.at" - C:\WINDOWS\system32\TWEAKUI.CPL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." 
- C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl "SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\tcpipcfg.dll,-50004" (tdx) - ? - C:\WINDOWS\System32\DRIVERS\tdx.sys (File not found) "a6pfarg8" (a6pfarg8) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a6pfarg8.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys "Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys "acybl2pt" (acybl2pt) - ? - C:\WINDOWS\system32\drivers\acybl2pt.sys (Hidden registry entry, rootkit activity | File not found) "afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys "Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys "dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\WINDOWS\System32\drivers\dgderdrv.sys "ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." 
- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys "ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kxroqfow" (kxroqfow) - ? - C:\DOKUME~1\Hammann\LOKALE~1\Temp\kxroqfow.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "Notebook Hardware Control ACPI Driver" (nhcAcpi_driver) - ? - C:\WINDOWS\system32\drivers\nhcAcpi.sys (File not found) "Notebook Hardware Control Driver" (nhcDriverDevice) - ? - C:\WINDOWS\system32\drivers\nhcDriver.sys (File not found) "PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys "vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "zlportio" (zlportio) - ? 
- E:\Programme\Ultrastar\zlportio.sys (File not found)
[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? - C:\Programme\Exifer\exifershellext.dll (File found, but it contains no detailed information)
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} "eBay Toolbar" - ? - (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "IPS Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 DragDrop Shell Extension" - ? - (File not found | COM-object registry key not found)
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 Property Sheet Shell Extension" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} "BatchDownloader Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\DigWXMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
{A8482EAF-A1F3-4934-AE3F-56EB195A50BF} "DeskUpdate - Activex Control" - "Fujitsu Siemens Computers" - C:\WINDOWS\DOWNLO~1\activex.ocx / hxxp://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
{3B36B017-7E49-426B-95B0-B5CECD83C2E2} "IfolorUploader Control" - "Ifolor AG" - C:\WINDOWS\DOWNLO~1\IFOLOR~1.OCX / hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://www.extrafilm.de/ImageUploader5.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_20\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_233.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{406B5949-7190-4245-91A9-30A17DE16AD0} "Snapfish Activia" - "Snapfish" - C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx / hxxp://www3.snapfish.de/SnapfishActivia.cab
{D4003189-95B1-4A2F-9A87-F2B03665960D} "VodClient Control Class" - ? - C:\WINDOWS\system32\nagasoft\vjocx.dll (File not found) / hxxp://www.vexcast.com/download/vexcast.cab
{00000055-9980-0010-8000-00AA00389B71} "{00000055-9980-0010-8000-00AA00389B71}" - ? - (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATIPTA" - "ATI Technologies, Inc." - "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Oki Common XP Language Monitor" - "Oki Data Corporation" - C:\WINDOWS\system32\OKLMON32.DLL
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"@%SystemRoot%\system32\iphlpsvc.dll,-200" (iphlpsvc) - ? - C:\WINDOWS\System32\iphlpsvc.dll (File not found)
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"GEARSecurity" (GEARSecurity) - "GEAR Software" - C:\WINDOWS\System32\GEARSEC.EXE
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Defender" (WinDefend) - ? - C:\Programme\Windows Defender\mpsvc.dll (File not found)
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WTGService" (WTGService) - ? - C:\Programme\Verbindungsassistent\WTGService.exe (File found, but it contains no detailed information)
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
13.06.2012, 09:41 | #24
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan - Windows XP does not start in Safe Mode

Is aswMBR still coming?
__________________
Please always post logfiles in CODE tags
13.06.2012, 10:34 | #25
| Yes, here you go:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-13 10:39:07
-----------------------------
10:39:07.437 OS Version: Windows 5.1.2600 Service Pack 3
10:39:07.437 Number of processors: 1 586 0x2402
10:39:07.437 ComputerName: NOTEBOOK_CH UserName: Hammann
10:39:07.843 Initialize success
10:41:23.500 AVAST engine defs: 12061201
10:41:49.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:41:49.406 Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3
10:41:49.468 Disk 0 MBR read successfully
10:41:49.468 Disk 0 MBR scan
10:41:49.578 Disk 0 Windows XP default MBR code
10:41:49.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30937 MB offset 63
10:41:49.593 Disk 0 Partition - 00 0F Extended LBA 121687 MB offset 63360360
10:41:49.640 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 111443 MB offset 63360423
10:41:49.640 Disk 0 Partition - 00 05 Extended 10244 MB offset 291595815
10:41:49.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10244 MB offset 291595878
10:41:49.750 Disk 0 scanning sectors +312576705
10:41:49.937 Disk 0 scanning C:\WINDOWS\system32\drivers
10:42:35.828 Service scanning
10:42:49.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:42:54.281 Modules scanning
10:43:32.625 Disk 0 trace - called modules:
10:43:32.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzt.sys >>UNKNOWN [0x8758b938]<<
10:43:32.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87534ab8]
10:43:32.656 3 CLASSPNP.SYS[f75ccfd7] -> nt!IofCallDriver -> \Device\0000008e[0x8747c9e8]
10:43:32.656 5 ACPI.sys[f7319620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8747cd98]
10:43:34.375 AVAST engine scan C:\WINDOWS
10:44:07.781 AVAST engine scan C:\WINDOWS\system32
10:47:36.734 File: C:\WINDOWS\system32\prapproxy32.dll **INFECTED** Win32:Kryptik-GHU [Trj]
10:51:44.109 AVAST engine scan C:\WINDOWS\system32\drivers
10:52:38.187 AVAST engine scan C:\Dokumente und Einstellungen\Hammann
11:25:47.062 AVAST engine scan C:\Dokumente und Einstellungen\All Users
11:30:07.875 Scan finished successfully
11:33:29.375 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Desktop\MBR.dat"
11:33:29.375 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Desktop\aswMBR.txt"
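The aswMBR log above contains three kinds of lines a helper has to decide on: the file marked `**INFECTED**`, the service whose driver is `**LOCKED**`, and the `>>UNKNOWN<<` module sitting in the disk I/O trace. The Python script below is an added example (it is not part of the thread and not aswMBR's own code) that parses such a log and extracts those findings; the line formats are inferred from the posted log only, and the sample lines embedded in it are copied from that log. Locked and unknown entries are flagged for review, not judged as malicious: sptd.sys together with a randomly named sp??.sys helper is the usual footprint of the SPTD copy-protection driver that Alcohol 120% installs, and Alcohol 120% appears in the autorun log above, so here they are very likely benign. The real hit is the DLL, which is the one the helper asks to be uploaded.

```python
"""Triage helper for an aswMBR log: pull out the lines that need a decision.

Added example, not part of the original thread and not aswMBR's own code.
The line formats below are inferred from the one log posted above; other
aswMBR versions may word their output differently."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    time: str
    kind: str      # "infected", "locked", "unknown_module" or "mbr"
    subject: str   # file path, service name or module name
    detail: str    # detection name, driver path, hooked address, MBR note


# Constructed sample: a handful of lines copied from the posted log, enough
# to exercise every pattern below without the full file.
SAMPLE_LOG = r"""
10:41:49.578 Disk 0 Windows XP default MBR code
10:41:49.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30937 MB offset 63
10:42:49.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:43:32.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzt.sys >>UNKNOWN [0x8758b938]<<
10:47:36.734 File: C:\WINDOWS\system32\prapproxy32.dll **INFECTED** Win32:Kryptik-GHU [Trj]
11:30:07.875 Scan finished successfully
"""

INFECTED = re.compile(r"^(\S+) File: (.+?) \*\*INFECTED\*\* (.+)$")
LOCKED = re.compile(r"^(\S+) Service (\S+) (.+?) \*\*LOCKED\*\*")
UNKNOWN = re.compile(r"^(\S+) .*?(\S+) >>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
MBR = re.compile(r"^(\S+) Disk \d+ (.*MBR code.*)$")


def triage(log_text):
    """Return the findings in log order.

    infected       - a file the AV engine flagged (the thread moves it with
                     an OTL :Files entry rather than deleting it blindly)
    locked         - a service whose driver file could not be opened; this is
                     how rootkits hide, but copy-protection drivers do it too
    unknown_module - a module in the disk I/O path aswMBR cannot attribute
    mbr            - any MBR code line that is not the Windows default
                     (the "default" wording is taken from the posted log)
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            findings.append(Finding(m[1], "infected", m[2], m[3]))
            continue
        m = LOCKED.match(line)
        if m:
            findings.append(Finding(m[1], "locked", m[2], m[3]))
            continue
        m = UNKNOWN.match(line)
        if m:
            findings.append(Finding(m[1], "unknown_module", m[2], m[3]))
            continue
        m = MBR.match(line)
        if m and "default MBR code" not in m[2]:
            findings.append(Finding(m[1], "mbr", "MBR", m[2]))
    return findings


def needs_upload(findings):
    """Files worth collecting for analysis: every infected file, plus the
    driver behind every locked service, since a locked driver was never
    scanned and has to be vetted by hand."""
    return [f.subject if f.kind == "infected" else f.detail
            for f in findings if f.kind in ("infected", "locked")]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time} {f.kind:14} {f.subject}  ({f.detail})")
    print("collect:", needs_upload(triage(SAMPLE_LOG)))
```

Run against a full aswMBR.txt by reading the file and passing its text to `triage`; an empty result on a log that ends in "Scan finished successfully" means nothing was flagged.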
13.06.2012, 15:41 | #26
/// Winkelfunktion /// TB-Süch-Tiger™ | One file slipped past us => C:\WINDOWS\system32\prapproxy32.dll
Upload it to us => http://www.trojaner-board.de/54791-a...ner-board.html
Then try deleting it manually.
13.06.2012, 16:01 | #27
| Unfortunately I cannot find the file. Neither with Windows Search nor manually with hidden files shown.
13.06.2012, 19:56 | #28
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL):
Code:
:Files
C:\WINDOWS\system32\prapproxy32.dll
:Commands
[purity]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed by this script are, as a precaution, not deleted outright; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was written for this one user in this one situation only. It cannot be carried over to any other computer and must not be used anywhere else, since it can permanently damage the system!
After that Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file as an attachment in the thread!
4.) Let us know when that worked
5.) Only then turn the virus scanner back on
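What the OTL fix above does, spelled out for readers who want the same safety net without OTL: the suspect file is moved into a quarantine tree rather than deleted, it is hashed before the move so the copy uploaded later can be matched to it, and the hosts file is replaced with the single entry Windows XP ships with. The Python below is an added illustration, not OTL's code. The quarantine layout (`_OTL\MovedFiles\<timestamp>\<path relative to the system root>`) is my own choice modelled loosely on OTL's, not its exact one, and the directory tree the demo operates on is constructed in a temporary folder, so no real system file is touched.

```python
"""Quarantine-not-delete plus hosts reset, the two steps of the OTL fix above.

Added illustration, not OTL's own code. The quarantine layout is my own
choice, modelled loosely on OTL's MovedFiles folder. demo() builds a mock XP
tree in a temporary directory so the example runs anywhere."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime

# XP's stock hosts file has exactly this one entry. Malware that blocks AV
# update sites or redirects banking domains adds lines here, which is why
# the fix script ends with [resethosts].
DEFAULT_HOSTS = "127.0.0.1       localhost\n"


def sha256_of(path):
    """Hash the file in chunks so a large file need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(path, system_root, quarantine_root, stamp=None):
    """Move `path` to quarantine_root/<stamp>/<path relative to system_root>.

    Returns (destination, sha256) or None when the file does not exist.
    Moving instead of deleting keeps the sample for upload and allows a
    rollback if the detection turns out to be a false positive."""
    if not os.path.isfile(path):
        return None
    stamp = stamp or datetime.now().strftime("%m%d%Y_%H%M%S")
    digest = sha256_of(path)                 # hash first, so the record
    rel = os.path.relpath(path, system_root)  # matches what gets uploaded
    dest = os.path.join(quarantine_root, stamp, rel)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    shutil.move(path, dest)
    return dest, digest


def reset_hosts(hosts_path, system_root, quarantine_root, stamp=None):
    """Quarantine the current hosts file (if any), then write the stock one."""
    moved = quarantine(hosts_path, system_root, quarantine_root, stamp)
    with open(hosts_path, "w", newline="\n") as f:
        f.write(DEFAULT_HOSTS)
    return moved


def demo():
    """Run both steps against a constructed mock of the XP tree in a
    temporary directory and report what happened."""
    root = tempfile.mkdtemp(prefix="xp_mock_")
    sys32 = os.path.join(root, "WINDOWS", "system32")
    etc = os.path.join(sys32, "drivers", "etc")
    os.makedirs(etc)
    dll = os.path.join(sys32, "prapproxy32.dll")      # file name from the log above
    hosts = os.path.join(etc, "hosts")
    with open(dll, "wb") as f:
        f.write(b"MZ" + b"\x90" * 62)                 # constructed stand-in, not malware
    with open(hosts, "w") as f:                       # constructed: stock entry plus one injected line
        f.write("127.0.0.1 localhost\n127.0.0.1 update.example.invalid\n")
    qroot = os.path.join(root, "_OTL", "MovedFiles")
    stamp = "06132012_233907"                          # stamp copied from the OTL log

    dest, digest = quarantine(dll, root, qroot, stamp)
    hosts_backup = reset_hosts(hosts, root, qroot, stamp)
    with open(hosts) as f:
        hosts_now = f.read()
    return {
        "original_gone": not os.path.exists(dll),
        "quarantined_at": dest,
        "expected_at": os.path.join(qroot, stamp, "WINDOWS", "system32", "prapproxy32.dll"),
        "hash_matches": sha256_of(dest) == digest,
        "hosts_backup_kept": hosts_backup is not None and os.path.isfile(hosts_backup[0]),
        "hosts_reset": hosts_now == DEFAULT_HOSTS,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real XP box the system root would be `C:\` and the quarantine root `C:\_OTL\MovedFiles`; the hash recorded before the move is what you compare against the copy you upload, and against the file if it reappears after a reboot, which would point at something still dropping it.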
13.06.2012, 22:41 | #29
| OK, I did the fix and uploaded the zipped folder. Here is the log:
Code:
========== FILES ==========
C:\WINDOWS\system32\prapproxy32.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.46.0 log created on 06132012_233907
14.06.2012, 11:19 | #30
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new log with aswMBR