Log analysis and evaluation: S.M.A.R.T. hdd Trojan - problems with removal
Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.06.2012, 14:27 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd Trojan - problems with removal
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
19.06.2012, 14:55 | #17 |
| S.M.A.R.T. hdd Trojan - problems with removal
It worked (:
C:\WINDOWS\system32\DRIVERS\update.sys 15:48:27.0953 3280 Update - ok 15:48:28.0015 3280 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 15:48:28.0140 3280 upnphost - ok 15:48:28.0171 3280 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 15:48:28.0406 3280 UPS - ok 15:48:28.0437 3280 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 15:48:28.0625 3280 usbaudio - ok 15:48:28.0687 3280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 15:48:28.0890 3280 usbccgp - ok 15:48:28.0968 3280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:48:29.0187 3280 usbehci - ok 15:48:29.0265 3280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:48:29.0453 3280 usbhub - ok 15:48:29.0484 3280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:48:29.0687 3280 usbprint - ok 15:48:29.0750 3280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:48:29.0968 3280 USBSTOR - ok 15:48:30.0062 3280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 15:48:30.0234 3280 usbuhci - ok 15:48:30.0281 3280 UxTuneUp (838c97b3d28bfebdd11d12adfe957004) C:\WINDOWS\System32\uxtuneup.dll 15:48:30.0296 3280 UxTuneUp - ok 15:48:30.0312 3280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 15:48:30.0531 3280 VgaSave - ok 15:48:30.0562 3280 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 15:48:30.0750 3280 viaagp - ok 15:48:30.0781 3280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 15:48:30.0984 3280 ViaIde - ok 15:48:31.0031 3280 VMCService (8719bcfbaa239ccdaa3054973661f3e6) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 15:48:31.0046 3280 VMCService ( UnsignedFile.Multi.Generic ) - warning 15:48:31.0046 3280 
VMCService - detected UnsignedFile.Multi.Generic (1) 15:48:31.0078 3280 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 15:48:31.0296 3280 VolSnap - ok 15:48:31.0390 3280 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 15:48:31.0484 3280 VSS - ok 15:48:31.0531 3280 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 15:48:31.0765 3280 W32Time - ok 15:48:31.0828 3280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 15:48:32.0062 3280 Wanarp - ok 15:48:32.0062 3280 WDICA - ok 15:48:32.0109 3280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 15:48:32.0312 3280 wdmaud - ok 15:48:32.0375 3280 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 15:48:32.0578 3280 WebClient - ok 15:48:32.0703 3280 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 15:48:32.0890 3280 winmgmt - ok 15:48:32.0984 3280 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll 15:48:33.0171 3280 WmdmPmSN - ok 15:48:33.0265 3280 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 15:48:33.0546 3280 WmiAcpi - ok 15:48:33.0671 3280 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 15:48:33.0968 3280 WmiApSrv - ok 15:48:34.0171 3280 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:48:34.0250 3280 WPFFontCache_v0400 - ok 15:48:34.0296 3280 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 15:48:34.0500 3280 wscsvc - ok 15:48:34.0531 3280 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 15:48:34.0796 3280 WSTCODEC - ok 15:48:34.0828 3280 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 15:48:35.0015 3280 wuauserv - ok 15:48:35.0078 3280 WZCSVC 
(c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
15:48:35.0296 3280 WZCSVC - ok
15:48:35.0375 3280 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
15:48:35.0593 3280 xmlprov - ok
15:48:35.0671 3280 ZTEusbmdm6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
15:48:35.0765 3280 ZTEusbmdm6k - ok
15:48:35.0812 3280 ZTEusbnet (d788e7d89cc491644d7a45b227f9b25e) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
15:48:35.0875 3280 ZTEusbnet - ok
15:48:35.0921 3280 ZTEusbnmea (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
15:48:35.0953 3280 ZTEusbnmea - ok
15:48:36.0000 3280 ZTEusbser6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
15:48:36.0031 3280 ZTEusbser6k - ok
15:48:36.0062 3280 ZTEusbvoice (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
15:48:36.0093 3280 ZTEusbvoice - ok
15:48:36.0156 3280 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
15:48:36.0203 3280 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:48:36.0203 3280 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:48:36.0234 3280 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:48:36.0234 3280 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:48:36.0281 3280 Boot (0x1200) (c09af61bf711941a97c414e4fa1fc23d) \Device\Harddisk0\DR0\Partition0
15:48:36.0281 3280 \Device\Harddisk0\DR0\Partition0 - ok
15:48:36.0281 3280 ============================================================
15:48:36.0281 3280 Scan finished
15:48:36.0281 3280 ============================================================
15:48:36.0437 3056 Detected object count: 4
15:48:36.0437 3056 Actual detected object count: 4
15:49:34.0500 3056 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0500 3056 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0515 3056 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:34.0515 3056 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:34.0515 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
15:49:34.0515 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
15:49:34.0531 3056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:49:34.0531 3056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
19.06.2012, 21:52 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd Trojan - Problems with Removal Code:
ATTFilter
15:49:34.0515 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
15:49:34.0531 3056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Afterwards, restart Windows and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.
__________________ |
20.06.2012, 13:22 | #19 |
| S.M.A.R.T. hdd Trojan - Problems with Removal I have now started TDSS-Killer again; at the end, under 'Threads detected', the 4 findings are listed again. However, there is no 'Fix' in the drop-down lists. For Rootkit.Boot.SST.b there are only 'skip', 'copy to quarantine', 'cure' and 'restore'. For 'TDSS File System' there are even fewer options: 'skip', 'copy to quarantine' and 'delete'. Should I then select 'cure' for the first and 'delete' for the second? |
20.06.2012, 15:19 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd Trojan - Problems with Removal
Rootkit.Boot.SST.b => CURE
TDSS File System => DELETE
__________________ Please always post log files in CODE tags |
20.06.2012, 16:26 | #21 |
| S.M.A.R.T. hdd Trojan - Problems with Removal Okay, thanks (: Here is the log file, after removing & restarting [I just noticed that Avira was apparently on again. I thought it would stay off if I didn't switch it back on manually, but apparently not. It didn't trigger a false alarm, though. So it's not a problem that it was on while the log was being created, right?] Code:
ATTFilter 17:14:28.0265 3944 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 17:14:28.0484 3944 ============================================================ 17:14:28.0484 3944 Current date / time: 2012/06/20 17:14:28.0484 17:14:28.0484 3944 SystemInfo: 17:14:28.0484 3944 17:14:28.0484 3944 OS Version: 5.1.2600 ServicePack: 3.0 17:14:28.0484 3944 Product type: Workstation 17:14:28.0484 3944 ComputerName: ****** 17:14:28.0484 3944 UserName: **** 17:14:28.0484 3944 Windows directory: C:\WINDOWS 17:14:28.0484 3944 System windows directory: C:\WINDOWS 17:14:28.0484 3944 Processor architecture: Intel x86 17:14:28.0484 3944 Number of processors: 2 17:14:28.0484 3944 Page size: 0x1000 17:14:28.0484 3944 Boot type: Normal boot 17:14:28.0484 3944 ============================================================ 17:14:30.0750 3944 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 17:14:30.0765 3944 ============================================================ 17:14:30.0765 3944 \Device\Harddisk0\DR0: 17:14:30.0765 3944 MBR partitions: 17:14:30.0765 3944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xBB47FC, BlocksNum 0xD3DEFC5 17:14:30.0765 3944 ============================================================ 17:14:30.0781 3944 C: <-> \Device\Harddisk0\DR0\Partition0 17:14:30.0828 3944 ============================================================ 17:14:30.0828 3944 Initialize success 17:14:30.0828 3944 ============================================================ 17:14:37.0125 4056 ============================================================ 17:14:37.0125 4056 Scan started 17:14:37.0125 4056 Mode: Manual; SigCheck; TDLFS; 17:14:37.0125 4056 ============================================================ 17:14:37.0312 4056 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE 17:14:37.0734 4056 !SASCORE - ok 
17:14:37.0921 4056 Abiosdsk - ok 17:14:37.0984 4056 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 17:14:45.0515 4056 abp480n5 - ok 17:14:45.0578 4056 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:14:45.0906 4056 ACPI - ok 17:14:45.0937 4056 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:14:46.0140 4056 ACPIEC - ok 17:14:46.0187 4056 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 17:14:46.0421 4056 adpu160m - ok 17:14:46.0453 4056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 17:14:46.0671 4056 aec - ok 17:14:46.0703 4056 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys 17:14:47.0078 4056 Afc - ok 17:14:47.0125 4056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 17:14:47.0281 4056 AFD - ok 17:14:47.0312 4056 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 17:14:47.0625 4056 agp440 - ok 17:14:47.0656 4056 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 17:14:47.0890 4056 agpCPQ - ok 17:14:47.0953 4056 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 17:14:48.0046 4056 Aha154x - ok 17:14:48.0062 4056 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 17:14:48.0281 4056 aic78u2 - ok 17:14:48.0343 4056 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 17:14:48.0593 4056 aic78xx - ok 17:14:48.0640 4056 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 17:14:48.0890 4056 Alerter - ok 17:14:48.0937 4056 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 17:14:49.0062 4056 ALG - ok 17:14:49.0109 4056 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 17:14:49.0328 4056 AliIde - ok 17:14:49.0359 4056 alim1541 
(cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 17:14:49.0593 4056 alim1541 - ok 17:14:49.0640 4056 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 17:14:49.0890 4056 amdagp - ok 17:14:49.0937 4056 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 17:14:50.0031 4056 amsint - ok 17:14:50.0109 4056 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe 17:14:50.0140 4056 AntiVirSchedulerService - ok 17:14:50.0171 4056 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe 17:14:50.0203 4056 AntiVirService - ok 17:14:50.0218 4056 AppMgmt - ok 17:14:50.0359 4056 AR5416 (7cae93fe5511d0c0688cfa56cf241e31) C:\WINDOWS\system32\DRIVERS\athw.sys 17:14:50.0484 4056 AR5416 - ok 17:14:50.0515 4056 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 17:14:50.0750 4056 asc - ok 17:14:50.0843 4056 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 17:14:51.0000 4056 asc3350p - ok 17:14:51.0031 4056 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 17:14:51.0296 4056 asc3550 - ok 17:14:51.0437 4056 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 17:14:51.0500 4056 aspnet_state - ok 17:14:51.0531 4056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:14:51.0765 4056 AsyncMac - ok 17:14:51.0843 4056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 17:14:52.0046 4056 atapi - ok 17:14:52.0062 4056 Atdisk - ok 17:14:52.0093 4056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:14:52.0328 4056 Atmarpc - ok 17:14:52.0359 4056 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 17:14:52.0578 4056 AudioSrv - ok 17:14:52.0656 4056 
audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 17:14:52.0859 4056 audstub - ok 17:14:52.0953 4056 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:14:53.0000 4056 avgntflt - ok 17:14:53.0046 4056 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:14:53.0093 4056 avipbb - ok 17:14:53.0109 4056 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys 17:14:53.0156 4056 avkmgr - ok 17:14:53.0171 4056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 17:14:53.0406 4056 Beep - ok 17:14:53.0484 4056 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 17:14:53.0765 4056 BITS - ok 17:14:53.0859 4056 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 17:14:54.0078 4056 Browser - ok 17:14:54.0125 4056 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 17:14:54.0359 4056 cbidf - ok 17:14:54.0375 4056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 17:14:54.0578 4056 cbidf2k - ok 17:14:54.0609 4056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 17:14:54.0843 4056 CCDECODE - ok 17:14:54.0937 4056 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 17:14:55.0031 4056 cd20xrnt - ok 17:14:55.0062 4056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 17:14:55.0281 4056 Cdaudio - ok 17:14:55.0328 4056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 17:14:55.0578 4056 Cdfs - ok 17:14:55.0625 4056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:14:55.0843 4056 Cdrom - ok 17:14:55.0859 4056 Changer - ok 17:14:55.0953 4056 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 17:14:56.0171 4056 CiSvc - ok 17:14:56.0234 4056 ClipSrv 
(778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 17:14:56.0468 4056 ClipSrv - ok 17:14:56.0609 4056 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:14:56.0937 4056 clr_optimization_v2.0.50727_32 - ok 17:14:57.0015 4056 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:14:57.0140 4056 clr_optimization_v4.0.30319_32 - ok 17:14:57.0171 4056 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:14:57.0484 4056 CmBatt - ok 17:14:57.0515 4056 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys 17:14:57.0734 4056 CmdIde - ok 17:14:57.0750 4056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:14:57.0953 4056 Compbatt - ok 17:14:57.0968 4056 COMSysApp - ok 17:14:58.0046 4056 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 17:14:58.0281 4056 Cpqarray - ok 17:14:58.0343 4056 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 17:14:58.0562 4056 CryptSvc - ok 17:14:58.0687 4056 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 17:14:58.0937 4056 dac2w2k - ok 17:14:59.0015 4056 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 17:14:59.0250 4056 dac960nt - ok 17:14:59.0375 4056 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 17:14:59.0453 4056 DcomLaunch - ok 17:14:59.0515 4056 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 17:14:59.0718 4056 Dhcp - ok 17:14:59.0750 4056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 17:15:00.0000 4056 Disk - ok 17:15:00.0078 4056 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 17:15:00.0125 4056 DKbFltr - ok 17:15:00.0125 4056 
dmadmin - ok 17:15:00.0218 4056 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 17:15:00.0484 4056 dmboot - ok 17:15:00.0531 4056 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 17:15:00.0796 4056 dmio - ok 17:15:00.0828 4056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 17:15:01.0046 4056 dmload - ok 17:15:01.0078 4056 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 17:15:01.0296 4056 dmserver - ok 17:15:01.0328 4056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 17:15:01.0546 4056 DMusic - ok 17:15:01.0640 4056 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll 17:15:01.0734 4056 Dnscache - ok 17:15:01.0750 4056 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 17:15:01.0984 4056 Dot3svc - ok 17:15:02.0031 4056 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 17:15:02.0312 4056 dpti2o - ok 17:15:02.0343 4056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 17:15:02.0562 4056 drmkaud - ok 17:15:02.0640 4056 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 17:15:02.0890 4056 EapHost - ok 17:15:02.0921 4056 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 17:15:03.0156 4056 ERSvc - ok 17:15:03.0234 4056 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 17:15:03.0265 4056 Eventlog - ok 17:15:03.0328 4056 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll 17:15:03.0375 4056 EventSystem - ok 17:15:03.0421 4056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 17:15:03.0671 4056 Fastfat - ok 17:15:03.0703 4056 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 17:15:03.0796 4056 FastUserSwitchingCompatibility - ok 
17:15:03.0843 4056 Fax (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe 17:15:04.0078 4056 Fax - ok 17:15:04.0109 4056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 17:15:04.0312 4056 Fdc - ok 17:15:04.0343 4056 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 17:15:04.0578 4056 Fips - ok 17:15:04.0609 4056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 17:15:04.0828 4056 Flpydisk - ok 17:15:04.0859 4056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:15:05.0109 4056 FltMgr - ok 17:15:05.0187 4056 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 17:15:05.0218 4056 FontCache3.0.0.0 - ok 17:15:05.0250 4056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:15:05.0468 4056 Fs_Rec - ok 17:15:05.0500 4056 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:15:05.0718 4056 Ftdisk - ok 17:15:05.0734 4056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:15:05.0984 4056 Gpc - ok 17:15:06.0062 4056 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe 17:15:06.0125 4056 gupdate - ok 17:15:06.0140 4056 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe 17:15:06.0156 4056 gupdatem - ok 17:15:06.0187 4056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 17:15:06.0390 4056 HDAudBus - ok 17:15:06.0453 4056 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:15:06.0671 4056 helpsvc - ok 17:15:06.0687 4056 HidServ - ok 17:15:06.0734 4056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:15:06.0953 4056 HidUsb - ok 17:15:06.0968 4056 hkmsvc (ed29f14101523a6e0e808107405d452c) 
C:\WINDOWS\System32\kmsvc.dll 17:15:07.0187 4056 hkmsvc - ok 17:15:07.0203 4056 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 17:15:07.0421 4056 hpn - ok 17:15:07.0468 4056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 17:15:07.0531 4056 HTTP - ok 17:15:07.0562 4056 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 17:15:07.0828 4056 HTTPFilter - ok 17:15:07.0859 4056 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 17:15:08.0093 4056 i2omgmt - ok 17:15:08.0140 4056 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 17:15:08.0359 4056 i2omp - ok 17:15:08.0390 4056 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:15:08.0609 4056 i8042prt - ok 17:15:09.0031 4056 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 17:15:09.0671 4056 ialm - ok 17:15:09.0765 4056 ICQ Service (5c7d72eab04b1df8c5d2acc6551fde49) C:\Programme\ICQ6Toolbar\ICQ Service.exe 17:15:09.0812 4056 ICQ Service - ok 17:15:10.0015 4056 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:15:10.0187 4056 idsvc - ok 17:15:10.0328 4056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 17:15:10.0562 4056 Imapi - ok 17:15:10.0640 4056 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 17:15:10.0859 4056 ImapiService - ok 17:15:10.0906 4056 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 17:15:11.0140 4056 ini910u - ok 17:15:11.0187 4056 int15.sys - ok 17:15:11.0562 4056 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys 17:15:12.0031 4056 IntcAzAudAddService - ok 17:15:12.0234 4056 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys 17:15:12.0562 4056 
IntelIde - ok 17:15:12.0593 4056 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 17:15:12.0828 4056 intelppm - ok 17:15:12.0859 4056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:15:13.0093 4056 Ip6Fw - ok 17:15:13.0140 4056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:15:13.0343 4056 IpFilterDriver - ok 17:15:13.0359 4056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:15:13.0562 4056 IpInIp - ok 17:15:13.0625 4056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:15:13.0828 4056 IpNat - ok 17:15:13.0859 4056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:15:14.0062 4056 IPSec - ok 17:15:14.0078 4056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 17:15:14.0203 4056 IRENUM - ok 17:15:14.0234 4056 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:15:14.0453 4056 isapnp - ok 17:15:14.0515 4056 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe 17:15:14.0546 4056 IviRegMgr - ok 17:15:14.0609 4056 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Programme\Java\jre6\bin\jqs.exe 17:15:14.0640 4056 JavaQuickStarterService - ok 17:15:14.0687 4056 JMCR (da971cfc625d13636e04c405948e9d62) C:\WINDOWS\system32\DRIVERS\jmcr.sys 17:15:14.0765 4056 JMCR - ok 17:15:14.0796 4056 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:15:15.0031 4056 Kbdclass - ok 17:15:15.0062 4056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 17:15:15.0312 4056 kmixer - ok 17:15:15.0359 4056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 17:15:15.0468 4056 KSecDD - ok 17:15:15.0500 4056 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) 
C:\WINDOWS\System32\srvsvc.dll 17:15:15.0578 4056 LanmanServer - ok 17:15:15.0640 4056 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll 17:15:15.0703 4056 lanmanworkstation - ok 17:15:15.0718 4056 lbrtfdc - ok 17:15:15.0765 4056 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 17:15:16.0046 4056 LmHosts - ok 17:15:16.0093 4056 M3000Srv (8da3ac548c6ef91b284dcff1a84be3db) C:\WINDOWS\system32\Drivers\M3000KNT.sys 17:15:16.0203 4056 M3000Srv - ok 17:15:16.0234 4056 massfilter (112db6314bb175ba5f27a66e11c01d77) C:\WINDOWS\system32\DRIVERS\massfilter.sys 17:15:16.0296 4056 massfilter - ok 17:15:16.0328 4056 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys 17:15:16.0359 4056 MBAMProtector - ok 17:15:16.0468 4056 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 17:15:16.0562 4056 MBAMService - ok 17:15:16.0609 4056 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 17:15:16.0656 4056 MBAMSwissArmy - ok 17:15:16.0687 4056 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 17:15:16.0984 4056 Messenger - ok 17:15:17.0015 4056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 17:15:17.0218 4056 mnmdd - ok 17:15:17.0234 4056 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe 17:15:17.0453 4056 mnmsrvc - ok 17:15:17.0468 4056 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 17:15:17.0703 4056 Modem - ok 17:15:17.0734 4056 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:15:17.0937 4056 Mouclass - ok 17:15:17.0968 4056 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:15:18.0171 4056 mouhid - ok 17:15:18.0203 4056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 17:15:18.0437 
4056 MountMgr - ok 17:15:18.0484 4056 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 17:15:18.0703 4056 mraid35x - ok 17:15:18.0734 4056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:15:18.0953 4056 MRxDAV - ok 17:15:19.0031 4056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:15:19.0171 4056 MRxSmb - ok 17:15:19.0203 4056 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe 17:15:19.0421 4056 MSDTC - ok 17:15:19.0468 4056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 17:15:19.0750 4056 Msfs - ok 17:15:19.0750 4056 MSIServer - ok 17:15:19.0796 4056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:15:20.0000 4056 MSKSSRV - ok 17:15:20.0015 4056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:15:20.0218 4056 MSPCLOCK - ok 17:15:20.0234 4056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 17:15:20.0453 4056 MSPQM - ok 17:15:20.0484 4056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:15:20.0703 4056 mssmbios - ok 17:15:20.0734 4056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 17:15:20.0968 4056 MSTEE - ok 17:15:21.0015 4056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 17:15:21.0078 4056 Mup - ok 17:15:21.0109 4056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 17:15:21.0343 4056 NABTSFEC - ok 17:15:21.0390 4056 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll 17:15:21.0640 4056 napagent - ok 17:15:21.0687 4056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 17:15:21.0921 4056 NDIS - ok 17:15:21.0984 4056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 17:15:22.0187 4056 NdisIP 
- ok 17:15:22.0218 4056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:15:22.0312 4056 NdisTapi - ok 17:15:22.0343 4056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:15:22.0578 4056 Ndisuio - ok 17:15:22.0593 4056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:15:22.0828 4056 NdisWan - ok 17:15:22.0875 4056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 17:15:22.0953 4056 NDProxy - ok 17:15:22.0968 4056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 17:15:23.0187 4056 NetBIOS - ok 17:15:23.0234 4056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 17:15:23.0468 4056 NetBT - ok 17:15:23.0515 4056 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 17:15:23.0750 4056 NetDDE - ok 17:15:23.0750 4056 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe 17:15:23.0953 4056 NetDDEdsdm - ok 17:15:24.0000 4056 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 17:15:24.0218 4056 Netlogon - ok 17:15:24.0250 4056 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll 17:15:24.0468 4056 Netman - ok 17:15:24.0578 4056 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 17:15:24.0656 4056 NetTcpPortSharing - ok 17:15:24.0718 4056 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll 17:15:24.0750 4056 Nla - ok 17:15:24.0796 4056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 17:15:25.0000 4056 Npfs - ok 17:15:25.0062 4056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 17:15:25.0375 4056 Ntfs - ok 17:15:25.0421 4056 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 17:15:25.0640 4056 NtLmSsp - ok 17:15:25.0687 4056 
NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll 17:15:25.0937 4056 NtmsSvc - ok 17:15:25.0953 4056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 17:15:26.0171 4056 Null - ok 17:15:26.0203 4056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:15:26.0390 4056 NwlnkFlt - ok 17:15:26.0421 4056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:15:26.0640 4056 NwlnkFwd - ok 17:15:26.0781 4056 odserv (e54aa592a65f317390eee386a8821692) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 17:15:26.0843 4056 odserv - ok 17:15:26.0890 4056 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 17:15:26.0921 4056 ose - ok 17:15:26.0953 4056 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 17:15:27.0187 4056 Parport - ok 17:15:27.0203 4056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 17:15:27.0453 4056 PartMgr - ok 17:15:27.0484 4056 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 17:15:27.0687 4056 ParVdm - ok 17:15:27.0718 4056 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 17:15:27.0937 4056 PCI - ok 17:15:27.0953 4056 PCIDump - ok 17:15:27.0984 4056 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 17:15:28.0187 4056 PCIIde - ok 17:15:28.0218 4056 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 17:15:28.0453 4056 Pcmcia - ok 17:15:28.0468 4056 PDCOMP - ok 17:15:28.0484 4056 PDFRAME - ok 17:15:28.0484 4056 PDRELI - ok 17:15:28.0500 4056 PDRFRAME - ok 17:15:28.0546 4056 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 17:15:28.0796 4056 perc2 - ok 17:15:28.0828 4056 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 
17:15:29.0046 4056 perc2hib - ok 17:15:29.0109 4056 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe 17:15:29.0171 4056 PlugPlay - ok 17:15:29.0187 4056 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 17:15:29.0390 4056 PolicyAgent - ok 17:15:29.0421 4056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:15:29.0640 4056 PptpMiniport - ok 17:15:29.0640 4056 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 17:15:29.0859 4056 ProtectedStorage - ok 17:15:29.0890 4056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 17:15:30.0093 4056 PSched - ok 17:15:30.0109 4056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:15:30.0328 4056 Ptilink - ok 17:15:30.0359 4056 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 17:15:30.0578 4056 ql1080 - ok 17:15:30.0609 4056 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 17:15:30.0828 4056 Ql10wnt - ok 17:15:30.0859 4056 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 17:15:31.0093 4056 ql12160 - ok 17:15:31.0109 4056 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 17:15:31.0328 4056 ql1240 - ok 17:15:31.0359 4056 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 17:15:31.0578 4056 ql1280 - ok 17:15:31.0609 4056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:15:31.0812 4056 RasAcd - ok 17:15:31.0843 4056 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll 17:15:32.0062 4056 RasAuto - ok 17:15:32.0093 4056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:15:32.0296 4056 Rasl2tp - ok 17:15:32.0343 4056 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll 
17:15:32.0562 4056 RasMan - ok 17:15:32.0609 4056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:15:32.0812 4056 RasPppoe - ok 17:15:32.0828 4056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 17:15:33.0031 4056 Raspti - ok 17:15:33.0078 4056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:15:33.0312 4056 Rdbss - ok 17:15:33.0328 4056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:15:33.0546 4056 RDPCDD - ok 17:15:33.0609 4056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 17:15:33.0843 4056 rdpdr - ok 17:15:33.0890 4056 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 17:15:33.0968 4056 RDPWD - ok 17:15:34.0000 4056 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 17:15:34.0234 4056 RDSessMgr - ok 17:15:34.0281 4056 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 17:15:34.0484 4056 redbook - ok 17:15:34.0546 4056 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 17:15:34.0781 4056 RemoteAccess - ok 17:15:34.0812 4056 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 17:15:35.0031 4056 RpcLocator - ok 17:15:35.0093 4056 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll 17:15:35.0156 4056 RpcSs - ok 17:15:35.0218 4056 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 17:15:35.0421 4056 RSVP - ok 17:15:35.0468 4056 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 17:15:35.0531 4056 RTLE8023xp - ok 17:15:35.0546 4056 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 17:15:35.0750 4056 SamSs - ok 17:15:35.0843 4056 SASDIFSV (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 17:15:35.0859 4056 SASDIFSV - ok 17:15:35.0890 
4056 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 17:15:35.0921 4056 SASKUTIL - ok 17:15:35.0953 4056 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 17:15:36.0203 4056 SCardSvr - ok 17:15:36.0234 4056 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 17:15:36.0437 4056 Schedule - ok 17:15:36.0484 4056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:15:36.0578 4056 Secdrv - ok 17:15:36.0593 4056 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 17:15:36.0796 4056 seclogon - ok 17:15:36.0828 4056 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 17:15:37.0015 4056 SENS - ok 17:15:37.0046 4056 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 17:15:37.0250 4056 Serial - ok 17:15:37.0312 4056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 17:15:37.0531 4056 Sfloppy - ok 17:15:37.0593 4056 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 17:15:37.0796 4056 SharedAccess - ok 17:15:37.0828 4056 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 17:15:37.0859 4056 ShellHWDetection - ok 17:15:37.0859 4056 Simbad - ok 17:15:37.0890 4056 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 17:15:38.0125 4056 sisagp - ok 17:15:38.0171 4056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 17:15:38.0390 4056 SLIP - ok 17:15:38.0437 4056 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 17:15:38.0562 4056 Sparrow - ok 17:15:38.0578 4056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 17:15:38.0796 4056 splitter - ok 17:15:38.0812 4056 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 17:15:38.0859 4056 Spooler - ok 
17:15:38.0875 4056 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 17:15:39.0000 4056 sr - ok 17:15:39.0062 4056 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 17:15:39.0156 4056 srservice - ok 17:15:39.0218 4056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 17:15:39.0312 4056 Srv - ok 17:15:39.0328 4056 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 17:15:39.0468 4056 SSDPSRV - ok 17:15:39.0500 4056 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:15:39.0531 4056 ssmdrv - ok 17:15:39.0578 4056 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 17:15:39.0828 4056 stisvc - ok 17:15:39.0859 4056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 17:15:40.0078 4056 streamip - ok 17:15:40.0109 4056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 17:15:40.0312 4056 swenum - ok 17:15:40.0343 4056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 17:15:40.0578 4056 swmidi - ok 17:15:40.0578 4056 SwPrv - ok 17:15:40.0609 4056 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 17:15:40.0812 4056 symc810 - ok 17:15:40.0828 4056 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 17:15:41.0062 4056 symc8xx - ok 17:15:41.0093 4056 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 17:15:41.0296 4056 sym_hi - ok 17:15:41.0312 4056 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 17:15:41.0515 4056 sym_u3 - ok 17:15:41.0562 4056 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys 17:15:41.0640 4056 SynTP - ok 17:15:41.0671 4056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 17:15:41.0890 4056 sysaudio - ok 17:15:41.0937 4056 
SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 17:15:42.0171 4056 SysmonLog - ok 17:15:42.0218 4056 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 17:15:42.0437 4056 TapiSrv - ok 17:15:42.0515 4056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:15:42.0609 4056 Tcpip - ok 17:15:42.0656 4056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 17:15:42.0875 4056 TDPIPE - ok 17:15:42.0875 4056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 17:15:43.0093 4056 TDTCP - ok 17:15:43.0109 4056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 17:15:43.0343 4056 TermDD - ok 17:15:43.0406 4056 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 17:15:43.0609 4056 TermService - ok 17:15:43.0656 4056 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 17:15:43.0671 4056 Themes - ok 17:15:43.0718 4056 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys 17:15:43.0937 4056 TosIde - ok 17:15:43.0968 4056 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 17:15:44.0187 4056 TrkWks - ok 17:15:44.0250 4056 TuneUp.Defrag (0d630405311e1ae574bc2ec6681e485e) C:\WINDOWS\System32\TuneUpDefragService.exe 17:15:44.0312 4056 TuneUp.Defrag - ok 17:15:44.0359 4056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 17:15:44.0562 4056 Udfs - ok 17:15:44.0593 4056 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 17:15:44.0687 4056 ultra - ok 17:15:44.0750 4056 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Programme\Unlocker\UnlockerDriver5.sys 17:15:44.0781 4056 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 17:15:44.0781 4056 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 17:15:44.0828 4056 Update (402ddc88356b1bac0ee3dd1580c76a31) 
C:\WINDOWS\system32\DRIVERS\update.sys 17:15:45.0078 4056 Update - ok 17:15:45.0125 4056 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 17:15:45.0265 4056 upnphost - ok 17:15:45.0296 4056 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 17:15:45.0531 4056 UPS - ok 17:15:45.0546 4056 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 17:15:45.0765 4056 usbaudio - ok 17:15:45.0796 4056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:15:46.0031 4056 usbccgp - ok 17:15:46.0062 4056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:15:46.0296 4056 usbehci - ok 17:15:46.0328 4056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:15:46.0531 4056 usbhub - ok 17:15:46.0562 4056 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:15:46.0812 4056 usbprint - ok 17:15:46.0843 4056 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:15:47.0062 4056 USBSTOR - ok 17:15:47.0078 4056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:15:47.0281 4056 usbuhci - ok 17:15:47.0312 4056 UxTuneUp (838c97b3d28bfebdd11d12adfe957004) C:\WINDOWS\System32\uxtuneup.dll 17:15:47.0328 4056 UxTuneUp - ok 17:15:47.0359 4056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 17:15:47.0578 4056 VgaSave - ok 17:15:47.0609 4056 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 17:15:47.0828 4056 viaagp - ok 17:15:47.0843 4056 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 17:15:48.0062 4056 ViaIde - ok 17:15:48.0109 4056 VMCService (8719bcfbaa239ccdaa3054973661f3e6) C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 17:15:48.0140 4056 VMCService ( UnsignedFile.Multi.Generic ) - warning 17:15:48.0140 4056 
VMCService - detected UnsignedFile.Multi.Generic (1) 17:15:48.0171 4056 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 17:15:48.0390 4056 VolSnap - ok 17:15:48.0468 4056 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 17:15:48.0578 4056 VSS - ok 17:15:48.0625 4056 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 17:15:48.0843 4056 W32Time - ok 17:15:48.0890 4056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:15:49.0109 4056 Wanarp - ok 17:15:49.0125 4056 WDICA - ok 17:15:49.0140 4056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 17:15:49.0375 4056 wdmaud - ok 17:15:49.0406 4056 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 17:15:49.0625 4056 WebClient - ok 17:15:49.0703 4056 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 17:15:49.0890 4056 winmgmt - ok 17:15:49.0953 4056 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll 17:15:50.0156 4056 WmdmPmSN - ok 17:15:50.0187 4056 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:15:50.0375 4056 WmiAcpi - ok 17:15:50.0421 4056 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:15:50.0640 4056 WmiApSrv - ok 17:15:50.0859 4056 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:15:50.0937 4056 WPFFontCache_v0400 - ok 17:15:51.0000 4056 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 17:15:51.0234 4056 wscsvc - ok 17:15:51.0265 4056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 17:15:51.0468 4056 WSTCODEC - ok 17:15:51.0484 4056 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 17:15:51.0687 4056 wuauserv - ok 17:15:51.0750 4056 WZCSVC 
(c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 17:15:51.0984 4056 WZCSVC - ok 17:15:52.0046 4056 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 17:15:52.0281 4056 xmlprov - ok 17:15:52.0343 4056 ZTEusbmdm6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys 17:15:52.0437 4056 ZTEusbmdm6k - ok 17:15:52.0484 4056 ZTEusbnet (d788e7d89cc491644d7a45b227f9b25e) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys 17:15:52.0562 4056 ZTEusbnet - ok 17:15:52.0609 4056 ZTEusbnmea (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys 17:15:52.0656 4056 ZTEusbnmea - ok 17:15:52.0703 4056 ZTEusbser6k (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys 17:15:52.0734 4056 ZTEusbser6k - ok 17:15:52.0765 4056 ZTEusbvoice (d169ecbde1291b7d720441550d15d104) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys 17:15:52.0812 4056 ZTEusbvoice - ok 17:15:52.0859 4056 MBR (0x1B8) (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0 17:16:00.0921 4056 \Device\Harddisk0\DR0 - ok 17:16:00.0953 4056 Boot (0x1200) (c09af61bf711941a97c414e4fa1fc23d) \Device\Harddisk0\DR0\Partition0 17:16:00.0968 4056 \Device\Harddisk0\DR0\Partition0 - ok 17:16:00.0968 4056 ============================================================ 17:16:00.0968 4056 Scan finished 17:16:00.0968 4056 ============================================================ 17:16:01.0078 4048 Detected object count: 2 17:16:01.0078 4048 Actual detected object count: 2 17:17:43.0296 4048 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:43.0296 4048 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:17:43.0296 4048 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user 17:17:43.0296 4048 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.06.2012, 22:38 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd trojan - problems with removal Well done. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
20.06.2012, 23:22 | #23 |
| S.M.A.R.T. hdd trojan - problems with removal Woohoo, my desktop is full again (: Looks promising (: Many thanks already (: Here is the log: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-20.02 - **** 21.06.2012 0:03.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1012.552 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-20 bis 2012-06-20 )))))))))))))))))))))))))))))) . . 2012-06-20 15:10 . 2012-06-20 15:10 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-18 11:47 . 2012-06-18 11:47 -------- d-----w- c:\programme\7-Zip 2012-06-15 10:54 . 2012-06-20 21:45 1244860 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2012-06-13 15:42 . 2012-06-13 15:43 -------- d-----w- c:\dokumente und einstellungen\Administrator\.gimp-2.6 2012-06-13 15:39 . 2012-06-18 11:55 -------- d-----w- C:\_OTL 2012-06-13 13:24 . 2012-06-13 13:24 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\PrivacIE 2012-06-11 21:16 . 2012-06-11 21:16 -------- d-sh--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-06-11 21:16 . 2012-06-11 21:16 -------- d--h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files 2012-06-07 23:50 . 2012-06-07 23:50 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE 2012-06-07 23:50 . 2012-06-07 23:50 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 13:22 . 2008-04-14 12:00 604160 ---ha-w- c:\windows\system32\crypt32.dll 2012-05-08 20:33 . 2012-01-09 18:07 137928 ---ha-w- c:\windows\system32\drivers\avipbb.sys 2012-05-08 20:33 . 2012-01-09 18:07 83392 ---ha-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-11 13:51 . 2008-04-14 12:00 2029056 ---ha-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2008-04-14 12:00 2150912 ---ha-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:51 . 
2008-04-14 12:00 1862400 ---ha-w- c:\windows\system32\win32k.sys 2012-04-04 13:56 . 2012-03-06 15:55 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 09:18 . 2012-03-27 09:18 40776 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M3000Mnt"="M3000Rmv.dll " [X] "LaunchApp"="Alaunch" [X] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-03-25 2499584] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "AzMixerSel"="c:\programme\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Gast\Startmenü\Programme\Autostart\ OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\dokumente und einstellungen\****\Startmenü\Programme\Autostart\ OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ---ha-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\ICQ7.2\\ICQ.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.01.2012 20:07 36000] R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664] R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.01.2012 20:07 86224] R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [06.10.2008 12:47 246520] R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [25.03.2010 02:32 9216] R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05.05.2008 09:01 254976] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.01.2011 21:29 136176] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [04.01.2011 21:29 136176] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [21.05.2008 10:11 96856] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [30.06.2011 15:02 9728] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.03.2012 17:55 22344] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27.03.2012 11:18 40776] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [30.06.2011 15:03 114688] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [30.06.2011 15:03 105088] S4 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.03.2012 17:55 654408] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-06-20 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-15 09:54] . 
2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-01-04 19:28] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-01-04 19:28] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://global.acer.com IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-PhotoScape - f:\photoscape\uninstall.exe AddRemove-VLC media player - d:\vlc\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-21 00:10 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(716) c:\programme\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(3448) c:\windows\system32\webcheck.dll c:\windows\system32\msi.dll . Zeit der Fertigstellung: 2012-06-21 00:16:04 ComboFix-quarantined-files.txt 2012-06-20 22:16 . Vor Suchlauf: 3 Verzeichnis(se), 82.739.539.968 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 83.160.973.312 Bytes frei . 
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - E09FD7456176DA4824C59860BF560B5D |
21.06.2012, 11:48 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd trojan - problems with removal Combofix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
ATTFilter
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-

Folder::
c:\programme\ICQ6Toolbar

Driver::
ICQ Service

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
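The two registry values that the CFScript above deletes are the ones ComboFix listed under the `firewallpolicy` keys in the posted log. As an added example (not part of the original posts and not ComboFix's own code), the following Python parses those registry sections from a log and reports a disabled firewall, globally opened ports and allowed applications; the function names are hypothetical, and the sample text is constructed from the values in this thread's log, laid out one entry per line.

```python
import re

# Constructed sample: firewall-policy part of a ComboFix log, one entry per line
# (values copied from the log posted in this thread).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Value names are quoted; backslashes inside the quotes are doubled.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=\s*(?P<data>.*)$')
# Captures the profile name and the optional subkey below it.
FW_RE = re.compile(r'\\firewallpolicy\\(?P<profile>[^\\]+)(?:\\(?P<sub>.+))?$', re.I)


def parse_sections(log_text):
    """Return {registry key: [(value name, data), ...]} for bracketed sections."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '.':            # ComboFix separates sections with a lone dot
            current = None
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group('key'), [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current.append((value.group('name'), value.group('data').strip()))
    return sections


def firewall_findings(sections):
    """List (kind, profile, detail) tuples for firewall-policy entries."""
    findings = []
    for key, values in sections.items():
        match = FW_RE.search(key)
        if not match:
            continue
        profile = match.group('profile').lower()
        sub = (match.group('sub') or '').lower()
        for name, data in values:
            if sub == '' and name.lower() == 'enablefirewall':
                # Data looks like "0 (0x0)"; the first token is the DWORD value.
                if data.split()[:1] == ['0']:
                    findings.append(('firewall_disabled', profile, name))
            elif sub == 'globallyopenports\\list':
                port, _, proto = name.partition(':')
                findings.append(('open_port', profile, f'{port}/{proto.lower()}'))
            elif sub == 'authorizedapplications\\list':
                findings.append(('allowed_app', profile, name.replace('\\\\', '\\')))
    return findings


if __name__ == '__main__':
    for kind, profile, detail in firewall_findings(parse_sections(SAMPLE_LOG)):
        print(f'{kind:18} {profile:16} {detail}')
```

Run against a later log, an empty result for `firewall_disabled` and `open_port` indicates that the two deleted values no longer appear in ComboFix's output.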
22.06.2012, 13:25 | #25 |
| S.M.A.R.T. hdd trojan - problems with removal It worked, it wasn't nearly as complicated as it seemed at first glance :'D Here is the log file 'Combofix.txt': [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-21.03 - **** 22.06.2012 13:41:07.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1012.532 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\****\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\****\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programme\ICQ6Toolbar c:\programme\ICQ6Toolbar\config.xml c:\programme\ICQ6Toolbar\Icons.bmp c:\programme\ICQ6Toolbar\ICQ Service.exe c:\programme\ICQ6Toolbar\icq6Toolbar.ico c:\programme\ICQ6Toolbar\ICQUnToolbar.exe c:\programme\ICQ6Toolbar\logo_small.gif c:\programme\ICQ6Toolbar\ServiceStarter.exe c:\programme\ICQ6Toolbar\short.wav c:\programme\ICQ6Toolbar\Version.txt . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ICQ_SERVICE -------\Service_ICQ Service . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-22 bis 2012-06-22 )))))))))))))))))))))))))))))) . . 2012-06-20 15:10 . 2012-06-20 15:10 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-18 11:47 . 2012-06-18 11:47 -------- d-----w- c:\programme\7-Zip 2012-06-13 15:42 . 2012-06-13 15:43 -------- d-----w- c:\dokumente und einstellungen\Administrator\.gimp-2.6 2012-06-13 15:39 . 2012-06-18 11:55 -------- d-----w- C:\_OTL 2012-06-13 13:24 . 2012-06-13 13:24 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\PrivacIE 2012-06-11 21:16 . 2012-06-11 21:16 -------- d-sh--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-06-11 21:16 . 2012-06-11 21:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files 2012-06-07 23:50 . 2012-06-07 23:50 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE 2012-06-07 23:50 . 
2012-06-07 23:50 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-31 13:22 . 2008-04-14 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll 2012-05-08 20:33 . 2012-01-09 18:07 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-08 20:33 . 2012-01-09 18:07 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-11 13:51 . 2008-04-14 12:00 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:51 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:51 . 2008-04-14 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 13:56 . 2012-03-06 15:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 09:18 . 2012-03-27 09:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-20_22.10.27 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-22 11:50 . 2012-06-22 11:50 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat + 2008-07-11 14:08 . 2012-06-22 11:21 88494 c:\windows\system32\perfc009.dat + 2008-07-11 14:08 . 2012-06-22 11:21 503728 c:\windows\system32\perfh009.dat + 2008-07-11 14:08 . 2012-06-22 11:21 529186 c:\windows\system32\perfh007.dat + 2008-07-11 14:08 . 2012-06-22 11:21 106162 c:\windows\system32\perfc007.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "M3000Mnt"="M3000Rmv.dll " [X] "LaunchApp"="Alaunch" [X] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480] "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2010-03-25 2499584] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "AzMixerSel"="c:\programme\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Gast\Startmenü\Programme\Autostart\ OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\dokumente und einstellungen\Gabi\Startmenü\Programme\Autostart\ OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\ICQ7.2\\ICQ.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09.01.2012 20:07 36000] R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880] R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664] R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.01.2012 20:07 86224] R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [25.03.2010 02:32 9216] R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05.05.2008 09:01 254976] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.01.2011 21:29 136176] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [04.01.2011 21:29 136176] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [21.05.2008 10:11 96856] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [30.06.2011 15:02 9728] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.03.2012 17:55 22344] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27.03.2012 11:18 40776] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [30.06.2011 15:03 114688] S3 ZTEusbvoice;ZTE VoUSB 
Port;c:\windows\system32\drivers\zteusbvoice.sys [30.06.2011 15:03 105088] S4 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.03.2012 17:55 654408] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-06-22 c:\windows\Tasks\1-Klick-Wartung.job - c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-15 09:54] . 2012-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-01-04 19:28] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-01-04 19:28] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://global.acer.com IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-ICQToolbar - c:\programme\ICQ6Toolbar\ICQUnToolbar.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-22 13:51 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(720) c:\programme\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(3080) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe c:\programme\Java\jre6\bin\jqs.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin c:\windows\system32\igfxext.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wbem\wmiapsrv.exe c:\dokume~1\****\LOKALE~1\Temp\RtkBtMnt.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-22 13:56:13 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-22 11:56 ComboFix2.txt 2012-06-20 22:16 . Vor Suchlauf: 22 Verzeichnis(se), 82.992.721.920 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 82.896.293.888 Bytes frei . - - End Of File - - EB407AC891D76599BF142252AD653F1A |
22.06.2012, 13:49 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd Trojan - problems with removal Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM - please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being told to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
24.06.2012, 20:49 | #27 |
| S.M.A.R.T. hdd Trojan - problems with removal Everything worked (: First the GMER log: Code:
ATTFilter GMER Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:41:19 on 23.06.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-24 21:25:58 ----------------------------- 21:25:58.687 OS Version: Windows 5.1.2600 Service Pack 3 21:25:58.687 Number of processors: 2 586 0x1C02 21:25:58.687 ComputerName: ****** UserName: **** 21:25:59.281 Initialize success 21:26:13.000 AVAST engine defs: 12062300 21:26:18.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 21:26:18.203 Disk 0 Vendor: Hitachi_HTS543212L9A300 FBBOC40C Size: 114473MB BusType: 3 21:26:18.250 Disk 0 MBR read successfully 21:26:18.265 Disk 0 MBR scan 21:26:18.359 Disk 0 unknown MBR code 21:26:18.375 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 5992 MB offset 63 21:26:18.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108477 MB offset 12273660 21:26:18.640 Disk 0 scanning sectors +234436545 21:26:18.796 Disk 0 scanning C:\WINDOWS\system32\drivers 21:26:36.250 Service scanning 21:27:10.031 Modules scanning 21:27:21.453 Disk 0 trace - called modules: 21:27:21.500 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 21:27:21.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86365030] 21:27:21.578 3 CLASSPNP.SYS[f7767fd7] -> nt!IofCallDriver -> \Device\00000093[0x863a3030] 21:27:21.593 5 ACPI.sys[f765d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86345940] 21:27:22.203 AVAST engine scan C:\WINDOWS 21:27:45.015 AVAST engine scan C:\WINDOWS\system32 21:34:10.968 AVAST engine scan C:\WINDOWS\system32\drivers 21:34:36.468 AVAST engine scan C:\Dokumente und Einstellungen\**** 21:36:50.687 AVAST engine scan C:\Dokumente und Einstellungen\All Users 21:37:19.781 Scan finished successfully 21:37:33.312 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\****\Desktop\MBR.dat" 21:37:33.343 The log file has been saved successfully to "C:\Dokumente und Einstellungen\****\Desktop\aswMBR.txt" |
25.06.2012, 13:06 | #29 |
| S.M.A.R.T. hdd Trojan - problems with removal Oh dear, that's right, I must have messed something up when copying .__. Here is the OSAM log again: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:41:19 on 23.06.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? 
- C:\WINDOWS\system32\drivers\Changer.sys (File not found) "int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ7.2" - "ICQ, LLC." 
- C:\Programme\ICQ7.2\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "AzMixerSel" - "Realtek Semiconductor Corp." - C:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe "LaunchApp" - "Acer Inc." - Alaunch "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE "M3000Mnt" - ? 
- Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt (File signed by Microsoft | File found, but it contains no detailed information) "MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent "MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC (File signed by Microsoft | File found, but it contains no detailed information) "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\jqs.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== |
25.06.2012, 14:17 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | S.M.A.R.T. hdd Trojan - problems with removal We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
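The caveats in post #30 (no MBR fix on a dual-boot or fully encrypted disk) can be checked against the saved MBR copy before anything is rewritten. The following is an added example, not part of the original posts or of any tool named in the thread: it assumes `MBR.dat` is a raw 512-byte copy of sector 0, the boot-loader marker strings are heuristics, and the sample sector is constructed from the partition geometry shown in the aswMBR and TDSSKiller logs.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte entries follow the boot code
BOOT_SIG = b"\x55\xaa"

PART_TYPES = {
    0x07: "HPFS/NTFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
    0x12: "Compaq diag / OEM recovery",
    0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM",
}
NON_WINDOWS = {0x82, 0x83, 0x8E}
# Assumption: these strings are treated as hints for a foreign boot loader.
BOOT_MARKERS = {b"GRUB": "GRUB", b"TrueCrypt": "TrueCrypt"}


def parse_mbr(sector):
    """Decode a raw MBR sector into a boot-code hash and partition entries."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:PART_TABLE_OFFSET]
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, offset)
        if ptype == 0:               # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        # Record this hash before the fix so the old boot code stays identifiable.
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code": boot_code,
        "partitions": partitions,
    }


def fix_warnings(sector):
    """Return reasons why rewriting the MBR with Windows tools is risky."""
    info = parse_mbr(sector)
    warnings = []
    for part in info["partitions"]:
        if part["type"] in NON_WINDOWS:
            warnings.append("partition %d is type 0x%02X (%s): possible dual boot"
                            % (part["index"], part["type"], part["type_name"]))
    for marker, name in BOOT_MARKERS.items():
        if marker in info["boot_code"]:
            warnings.append("boot code contains a %s marker" % name)
    if sum(1 for p in info["partitions"] if p["active"]) != 1:
        warnings.append("expected exactly one active partition")
    return warnings


def build_sample_mbr(entries, boot_code=b""):
    """Constructed test input: boot code, partition entries, 0x55AA."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        offset = PART_TABLE_OFFSET + 16 * i
        sector[offset:offset + 16] = struct.pack(
            "<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed from the logs: partition 1 type 0x12 at offset 63, partition 2
# active NTFS at StartLBA 0xBB47FC with BlocksNum 0xD3DEFC5. Boot code is empty.
SAMPLE_FROM_LOG = build_sample_mbr([
    (0x00, 0x12, 63, 0xBB47FC - 63),
    (0x80, 0x07, 0xBB47FC, 0xD3DEFC5),
])

# Constructed counter-example: Windows plus a Linux partition and a GRUB marker.
SAMPLE_DUAL_BOOT = build_sample_mbr(
    [(0x80, 0x07, 63, 1000000), (0x00, 0x83, 1000063, 500000)],
    boot_code=b"\xeb\x63\x90GRUB \x00",
)

if __name__ == "__main__":
    for label, data in (("log", SAMPLE_FROM_LOG), ("dual boot", SAMPLE_DUAL_BOOT)):
        print(label, parse_mbr(data)["partitions"], fix_warnings(data))
```

To run it on a real backup, pass the bytes of the saved file to `fix_warnings`; an empty list means none of these checks objects, not that the boot code is clean.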