| |
| |||||||
Log-Analyse und Auswertung: Windows verschluesselungs TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.06.2012, 13:40
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows verschluesselungs Trojaner Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2012.06.26 23:42:27 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net
[2011.11.19 23:23:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\ajveAUpJsjgXEtDOf
[2011.07.30 20:35:35 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\DENEEDefdQJqqTp
[2012.02.17 15:22:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\dlujyXTtxrroLleVUv
[2012.02.19 20:15:10 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\DtDrfoJlqfaJGy
[2011.10.04 20:59:21 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\eQpuGArXExDrdoJl
[2011.08.21 17:14:15 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\gAslgVouDyVaQxqN
[2011.12.08 18:59:00 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\GodovlqUaJsygTnt
[2011.06.25 13:39:16 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\JUjTXttOrLoslVVuvA
[2012.04.04 18:17:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\JvaXxtOOnosldVQuAy
[2011.03.23 09:18:14 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\LTrdLveAUpJsjO
[2011.04.29 20:50:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\nVAfaQGjNTEGer
[2011.08.17 12:39:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\qjxxrOoLDsUUvu
[2011.05.06 22:21:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\qsntDOfLQljVTu
[2012.02.02 19:42:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\QuXTsxNroLDsVUvvqAaX
[2011.09.10 22:45:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\soNroLDsVUvvyAaXx
[2011.05.06 22:20:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\TfqgTnxegdLQejUpu
[2012.06.15 09:39:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\TjtOOnosldVQuAypT
[2012.02.14 08:21:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\txonssdVvuqAppsxgN
[2011.09.05 11:01:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\ysnssgVnQeAfpQGjN
O7 - HKU\S-1-5-21-343818398-926492609-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-926492609-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
:Files
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\WinZip165International.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.06.2012, 13:54
| #17 |
 | Windows verschluesselungs Trojaner Das OTL Log nach dem Fix und Neustart:
__________________Code:
ATTFilter ========== OTL ==========
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\search\engine folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\extensions\toolbar@gmx.net folder moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\ajveAUpJsjgXEtDOf moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\DENEEDefdQJqqTp moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\dlujyXTtxrroLleVUv moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\DtDrfoJlqfaJGy moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\eQpuGArXExDrdoJl moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\gAslgVouDyVaQxqN moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\GodovlqUaJsygTnt moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\JUjTXttOrLoslVVuvA moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\JvaXxtOOnosldVQuAy moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\LTrdLveAUpJsjO moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\nVAfaQGjNTEGer moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\qjxxrOoLDsUUvu moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\qsntDOfLQljVTu moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\QuXTsxNroLDsVUvvqAaX moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\soNroLDsVUvvyAaXx moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\TfqgTnxegdLQejUpu moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\TjtOOnosldVQuAypT moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\txonssdVvuqAppsxgN moved successfully.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\searchplugins\ysnssgVnQeAfpQGjN moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-926492609-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-926492609-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\WinZip165International.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 38410014 bytes
->Temporary Internet Files folder emptied: 262137856 bytes
->FireFox cache emptied: 237936585 bytes
->Google Chrome cache emptied: 5837168 bytes
->Flash cache emptied: 8179 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 301808 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2771214 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3118115 bytes
Total Files Cleaned = 525,00 mb
[EMPTYFLASH]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5947392 bytes
->FireFox cache emptied: 50590816 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
Total Flash Files Cleaned = 54,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 06282012_144820
Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\startupCache\startupCache.4.little moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\Cache\_CACHE_001_ moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\Cache\_CACHE_002_ moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\Cache\_CACHE_003_ moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\Cache\_CACHE_MAP_ moved successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\urlclassifier3.sqlite moved successfully.
Registry entries deleted on Reboot...
|
|
29.06.2012, 09:35
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs Trojaner Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
29.06.2012, 10:28
| #19 |
| | Windows verschluesselungs Trojaner TDSSKiller Report: Code:
ATTFilter 11:19:17.0250 2540 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
11:19:18.0453 2540 ============================================================
11:19:18.0453 2540 Current date / time: 2012/06/29 11:19:18.0453
11:19:18.0453 2540 SystemInfo:
11:19:18.0453 2540
11:19:18.0453 2540 OS Version: 5.1.2600 ServicePack: 3.0
11:19:18.0453 2540 Product type: Workstation
11:19:18.0453 2540 ComputerName: JOHNDOO-7214670
11:19:18.0453 2540 UserName: Administrator
11:19:18.0453 2540 Windows directory: C:\WINDOWS
11:19:18.0453 2540 System windows directory: C:\WINDOWS
11:19:18.0453 2540 Processor architecture: Intel x86
11:19:18.0453 2540 Number of processors: 2
11:19:18.0453 2540 Page size: 0x1000
11:19:18.0453 2540 Boot type: Normal boot
11:19:18.0453 2540 ============================================================
11:19:19.0875 2540 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:19:19.0875 2540 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:19:19.0875 2540 ============================================================
11:19:19.0875 2540 \Device\Harddisk0\DR0:
11:19:19.0875 2540 MBR partitions:
11:19:19.0875 2540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3FEEFCE
11:19:19.0890 2540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3FEF04C, BlocksNum 0xEA29A75
11:19:19.0890 2540 \Device\Harddisk1\DR1:
11:19:19.0890 2540 MBR partitions:
11:19:19.0890 2540 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xA04159D
11:19:19.0890 2540 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xA0454DC, BlocksNum 0x89D35E5
11:19:19.0890 2540 ============================================================
11:19:19.0906 2540 C: <-> \Device\Harddisk0\DR0\Partition0
11:19:19.0906 2540 D: <-> \Device\Harddisk0\DR0\Partition1
11:19:19.0937 2540 E: <-> \Device\Harddisk1\DR1\Partition0
11:19:19.0937 2540 F: <-> \Device\Harddisk1\DR1\Partition1
11:19:19.0937 2540 ============================================================
11:19:19.0937 2540 Initialize success
11:19:19.0937 2540 ============================================================
11:20:28.0906 2708 ============================================================
11:20:28.0906 2708 Scan started
11:20:28.0906 2708 Mode: Manual;
11:20:28.0906 2708 ============================================================
11:20:29.0187 2708 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
11:20:29.0187 2708 !SASCORE - ok
11:20:29.0250 2708 Abiosdsk - ok
11:20:29.0265 2708 abp480n5 - ok
11:20:29.0296 2708 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:20:29.0296 2708 ACPI - ok
11:20:29.0328 2708 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:20:29.0328 2708 ACPIEC - ok
11:20:29.0390 2708 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:29.0406 2708 AdobeFlashPlayerUpdateSvc - ok
11:20:29.0406 2708 adpu160m - ok
11:20:29.0421 2708 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:20:29.0421 2708 aec - ok
11:20:29.0453 2708 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:20:29.0453 2708 AFD - ok
11:20:29.0453 2708 Aha154x - ok
11:20:29.0468 2708 aic78u2 - ok
11:20:29.0468 2708 aic78xx - ok
11:20:29.0500 2708 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:20:29.0500 2708 Alerter - ok
11:20:29.0515 2708 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:20:29.0515 2708 ALG - ok
11:20:29.0531 2708 AliIde - ok
11:20:29.0625 2708 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:20:29.0671 2708 Ambfilt - ok
11:20:29.0750 2708 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
11:20:29.0765 2708 AmdLLD - ok
11:20:29.0765 2708 amsint - ok
11:20:29.0859 2708 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:20:29.0859 2708 AntiVirSchedulerService - ok
11:20:29.0890 2708 AntiVirService (8003169bb5b5cdc2be2dff4c95a88cd5) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:20:29.0890 2708 AntiVirService - ok
11:20:29.0921 2708 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:20:29.0921 2708 AppMgmt - ok
11:20:29.0953 2708 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:20:29.0953 2708 Arp1394 - ok
11:20:29.0953 2708 asc - ok
11:20:29.0953 2708 asc3350p - ok
11:20:29.0968 2708 asc3550 - ok
11:20:30.0031 2708 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:20:30.0046 2708 aspnet_state - ok
11:20:30.0062 2708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:20:30.0062 2708 AsyncMac - ok
11:20:30.0078 2708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:20:30.0078 2708 atapi - ok
11:20:30.0093 2708 Atdisk - ok
11:20:30.0109 2708 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:20:30.0109 2708 Atmarpc - ok
11:20:30.0140 2708 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:20:30.0140 2708 AudioSrv - ok
11:20:30.0171 2708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:20:30.0171 2708 audstub - ok
11:20:30.0203 2708 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:20:30.0203 2708 avgntflt - ok
11:20:30.0234 2708 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:20:30.0250 2708 avipbb - ok
11:20:30.0250 2708 avkmgr - ok
11:20:30.0281 2708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:20:30.0281 2708 Beep - ok
11:20:30.0328 2708 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:20:30.0359 2708 BITS - ok
11:20:30.0375 2708 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:20:30.0375 2708 Browser - ok
11:20:30.0406 2708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:20:30.0406 2708 cbidf2k - ok
11:20:30.0437 2708 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:20:30.0437 2708 CCDECODE - ok
11:20:30.0437 2708 cd20xrnt - ok
11:20:30.0453 2708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:20:30.0453 2708 Cdaudio - ok
11:20:30.0468 2708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:20:30.0468 2708 Cdfs - ok
11:20:30.0500 2708 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:20:30.0500 2708 Cdrom - ok
11:20:30.0500 2708 Changer - ok
11:20:30.0515 2708 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:20:30.0515 2708 CiSvc - ok
11:20:30.0531 2708 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:20:30.0531 2708 ClipSrv - ok
11:20:30.0578 2708 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:30.0593 2708 clr_optimization_v2.0.50727_32 - ok
11:20:30.0609 2708 CmdIde - ok
11:20:30.0609 2708 COMSysApp - ok
11:20:30.0609 2708 Cpqarray - ok
11:20:30.0671 2708 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:20:30.0671 2708 CryptSvc - ok
11:20:30.0671 2708 dac2w2k - ok
11:20:30.0671 2708 dac960nt - ok
11:20:30.0718 2708 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:20:30.0718 2708 DcomLaunch - ok
11:20:30.0765 2708 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:20:30.0765 2708 Dhcp - ok
11:20:30.0765 2708 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:20:30.0765 2708 Disk - ok
11:20:30.0765 2708 dmadmin - ok
11:20:30.0828 2708 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:20:30.0828 2708 dmboot - ok
11:20:30.0843 2708 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:20:30.0859 2708 dmio - ok
11:20:30.0875 2708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:20:30.0875 2708 dmload - ok
11:20:30.0875 2708 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:20:30.0875 2708 dmserver - ok
11:20:30.0890 2708 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:20:30.0890 2708 DMusic - ok
11:20:30.0906 2708 Dnscache (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
11:20:30.0906 2708 Dnscache - ok
11:20:30.0953 2708 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:20:30.0953 2708 Dot3svc - ok
11:20:30.0953 2708 dpti2o - ok
11:20:30.0953 2708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:20:30.0953 2708 drmkaud - ok
11:20:30.0984 2708 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:20:30.0984 2708 EapHost - ok
11:20:31.0015 2708 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:20:31.0015 2708 ERSvc - ok
11:20:31.0046 2708 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:20:31.0046 2708 Eventlog - ok
11:20:31.0093 2708 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:20:31.0093 2708 EventSystem - ok
11:20:31.0109 2708 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:20:31.0109 2708 Fastfat - ok
11:20:31.0140 2708 FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
11:20:31.0140 2708 FastUserSwitchingCompatibility - ok
11:20:31.0156 2708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:20:31.0156 2708 Fdc - ok
11:20:31.0171 2708 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:20:31.0171 2708 Fips - ok
11:20:31.0171 2708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:20:31.0171 2708 Flpydisk - ok
11:20:31.0218 2708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:20:31.0218 2708 FltMgr - ok
11:20:31.0328 2708 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:20:31.0328 2708 FontCache3.0.0.0 - ok
11:20:31.0359 2708 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:20:31.0359 2708 Fs_Rec - ok
11:20:31.0375 2708 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:20:31.0375 2708 Ftdisk - ok
11:20:31.0390 2708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:20:31.0390 2708 Gpc - ok
11:20:31.0406 2708 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:20:31.0406 2708 HDAudBus - ok
11:20:31.0437 2708 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:20:31.0437 2708 helpsvc - ok
11:20:31.0484 2708 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:20:31.0484 2708 HidServ - ok
11:20:31.0484 2708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:20:31.0484 2708 hidusb - ok
11:20:31.0531 2708 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:20:31.0531 2708 hkmsvc - ok
11:20:31.0531 2708 hpn - ok
11:20:31.0578 2708 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:20:31.0578 2708 HTTP - ok
11:20:31.0609 2708 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:20:31.0609 2708 HTTPFilter - ok
11:20:31.0609 2708 i2omgmt - ok
11:20:31.0625 2708 i2omp - ok
11:20:31.0625 2708 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys
11:20:31.0625 2708 i8042prt - ok
11:20:31.0703 2708 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:20:31.0718 2708 idsvc - ok
11:20:31.0718 2708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:20:31.0718 2708 Imapi - ok
11:20:31.0750 2708 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:20:31.0750 2708 ImapiService - ok
11:20:31.0765 2708 ini910u - ok
11:20:32.0031 2708 IntcAzAudAddService (55920481a44fa7bdde5fc1b9e02c7c2a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:20:32.0062 2708 IntcAzAudAddService - ok
11:20:32.0125 2708 IntelIde - ok
11:20:32.0140 2708 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:20:32.0140 2708 Ip6Fw - ok
11:20:32.0171 2708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:20:32.0171 2708 IpFilterDriver - ok
11:20:32.0187 2708 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:20:32.0187 2708 IpInIp - ok
11:20:32.0203 2708 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:20:32.0203 2708 IpNat - ok
11:20:32.0234 2708 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:20:32.0234 2708 IPSec - ok
11:20:32.0250 2708 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:20:32.0250 2708 IRENUM - ok
11:20:32.0265 2708 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:20:32.0265 2708 isapnp - ok
11:20:32.0281 2708 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:20:32.0281 2708 Kbdclass - ok
11:20:32.0281 2708 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:20:32.0281 2708 kbdhid - ok
11:20:32.0312 2708 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:20:32.0312 2708 kmixer - ok
11:20:32.0312 2708 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:20:32.0312 2708 KSecDD - ok
11:20:32.0328 2708 lanmanserver (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
11:20:32.0343 2708 lanmanserver - ok
11:20:32.0375 2708 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:20:32.0375 2708 lanmanworkstation - ok
11:20:32.0375 2708 lbrtfdc - ok
11:20:32.0390 2708 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:20:32.0390 2708 LmHosts - ok
11:20:32.0406 2708 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:20:32.0406 2708 Messenger - ok
11:20:32.0421 2708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:20:32.0421 2708 mnmdd - ok
11:20:32.0437 2708 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:20:32.0437 2708 mnmsrvc - ok
11:20:32.0453 2708 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:20:32.0453 2708 Modem - ok
11:20:32.0546 2708 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:20:32.0593 2708 Monfilt - ok
11:20:32.0609 2708 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:20:32.0609 2708 Mouclass - ok
11:20:32.0625 2708 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:20:32.0625 2708 mouhid - ok
11:20:32.0625 2708 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:20:32.0625 2708 MountMgr - ok
11:20:32.0625 2708 mraid35x - ok
11:20:32.0656 2708 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:20:32.0656 2708 MRxDAV - ok
11:20:32.0703 2708 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:20:32.0718 2708 MRxSmb - ok
11:20:32.0734 2708 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:20:32.0734 2708 MSDTC - ok
11:20:32.0734 2708 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:20:32.0750 2708 Msfs - ok
11:20:32.0750 2708 MSIServer - ok
11:20:32.0781 2708 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:20:32.0781 2708 MSKSSRV - ok
11:20:32.0796 2708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:20:32.0796 2708 MSPCLOCK - ok
11:20:32.0796 2708 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:20:32.0796 2708 MSPQM - ok
11:20:32.0812 2708 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:20:32.0812 2708 mssmbios - ok
11:20:32.0843 2708 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:20:32.0843 2708 MSTEE - ok
11:20:32.0843 2708 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:20:32.0843 2708 Mup - ok
11:20:32.0890 2708 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:20:32.0890 2708 NABTSFEC - ok
11:20:32.0937 2708 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:20:32.0953 2708 napagent - ok
11:20:32.0953 2708 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:20:32.0968 2708 NDIS - ok
11:20:32.0984 2708 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:20:32.0984 2708 NdisIP - ok
11:20:33.0000 2708 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:20:33.0000 2708 NdisTapi - ok
11:20:33.0000 2708 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:20:33.0000 2708 Ndisuio - ok
11:20:33.0015 2708 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:20:33.0015 2708 NdisWan - ok
11:20:33.0015 2708 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:20:33.0015 2708 NDProxy - ok
11:20:33.0031 2708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:20:33.0031 2708 NetBIOS - ok
11:20:33.0046 2708 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:20:33.0046 2708 NetBT - ok
11:20:33.0078 2708 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:20:33.0078 2708 NetDDE - ok
11:20:33.0078 2708 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:20:33.0078 2708 NetDDEdsdm - ok
11:20:33.0093 2708 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:20:33.0109 2708 Netlogon - ok
11:20:33.0109 2708 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:20:33.0125 2708 Netman - ok
11:20:33.0203 2708 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:20:33.0203 2708 NetTcpPortSharing - ok
11:20:33.0218 2708 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:20:33.0218 2708 NIC1394 - ok
11:20:33.0265 2708 Nla (acd8bd448a74f344d46fcaf21bab92af) C:\WINDOWS\System32\mswsock.dll
11:20:33.0265 2708 Nla - ok
11:20:33.0265 2708 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:20:33.0265 2708 Npfs - ok
11:20:33.0296 2708 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:20:33.0296 2708 Ntfs - ok
11:20:33.0296 2708 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:20:33.0296 2708 NtLmSsp - ok
11:20:33.0328 2708 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:20:33.0343 2708 NtmsSvc - ok
11:20:33.0359 2708 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:20:33.0375 2708 Null - ok
11:20:33.0859 2708 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:20:34.0578 2708 nv - ok
11:20:35.0140 2708 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
11:20:35.0140 2708 NVHDA - ok
11:20:35.0171 2708 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
11:20:35.0187 2708 NVSvc - ok
11:20:35.0390 2708 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:20:35.0406 2708 nvUpdatusService - ok
11:20:35.0484 2708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:20:35.0484 2708 NwlnkFlt - ok
11:20:35.0484 2708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:20:35.0484 2708 NwlnkFwd - ok
11:20:35.0515 2708 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:20:35.0515 2708 ohci1394 - ok
11:20:35.0531 2708 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
11:20:35.0531 2708 Parport - ok
11:20:35.0531 2708 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:20:35.0531 2708 PartMgr - ok
11:20:35.0562 2708 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:20:35.0562 2708 ParVdm - ok
11:20:35.0593 2708 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:20:35.0593 2708 PCI - ok
11:20:35.0593 2708 PCIDump - ok
11:20:35.0625 2708 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:20:35.0625 2708 PCIIde - ok
11:20:35.0656 2708 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:20:35.0656 2708 Pcmcia - ok
11:20:35.0671 2708 PDCOMP - ok
11:20:35.0671 2708 PDFRAME - ok
11:20:35.0671 2708 PDRELI - ok
11:20:35.0687 2708 PDRFRAME - ok
11:20:35.0687 2708 perc2 - ok
11:20:35.0687 2708 perc2hib - ok
11:20:35.0750 2708 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:20:35.0750 2708 PlugPlay - ok
11:20:35.0796 2708 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:20:35.0796 2708 PolicyAgent - ok
11:20:35.0812 2708 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:20:35.0812 2708 PptpMiniport - ok
11:20:35.0843 2708 PQNTDrv (7e8be4d11f5ac1e5cae42719a7230508) C:\WINDOWS\system32\drivers\PQNTDrv.sys
11:20:35.0843 2708 PQNTDrv - ok
11:20:35.0843 2708 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
11:20:35.0843 2708 Processor - ok
11:20:35.0859 2708 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:20:35.0859 2708 ProtectedStorage - ok
11:20:35.0875 2708 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:20:35.0875 2708 PSched - ok
11:20:35.0875 2708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:20:35.0875 2708 Ptilink - ok
11:20:35.0890 2708 ql1080 - ok
11:20:35.0890 2708 Ql10wnt - ok
11:20:35.0890 2708 ql12160 - ok
11:20:35.0906 2708 ql1240 - ok
11:20:35.0906 2708 ql1280 - ok
11:20:35.0921 2708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:20:35.0921 2708 RasAcd - ok
11:20:35.0953 2708 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:20:35.0953 2708 RasAuto - ok
11:20:35.0984 2708 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:20:35.0984 2708 Rasl2tp - ok
11:20:36.0015 2708 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:20:36.0015 2708 RasMan - ok
11:20:36.0015 2708 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:20:36.0031 2708 RasPppoe - ok
11:20:36.0031 2708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:20:36.0031 2708 Raspti - ok
11:20:36.0046 2708 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:20:36.0046 2708 Rdbss - ok
11:20:36.0046 2708 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:20:36.0046 2708 RDPCDD - ok
11:20:36.0062 2708 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:20:36.0078 2708 rdpdr - ok
11:20:36.0109 2708 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:20:36.0109 2708 RDPWD - ok
11:20:36.0156 2708 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:20:36.0156 2708 RDSessMgr - ok
11:20:36.0171 2708 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:20:36.0171 2708 redbook - ok
11:20:36.0218 2708 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:20:36.0218 2708 RemoteAccess - ok
11:20:36.0250 2708 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:20:36.0265 2708 RemoteRegistry - ok
11:20:36.0312 2708 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:20:36.0312 2708 RpcLocator - ok
11:20:36.0375 2708 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:20:36.0375 2708 RpcSs - ok
11:20:36.0406 2708 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:20:36.0421 2708 RSVP - ok
11:20:36.0453 2708 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
11:20:36.0453 2708 RTL8023xp - ok
11:20:36.0484 2708 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:20:36.0484 2708 rtl8139 - ok
11:20:36.0515 2708 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:20:36.0515 2708 SamSs - ok
11:20:36.0593 2708 SASDIFSV (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
11:20:36.0593 2708 SASDIFSV - ok
11:20:36.0609 2708 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
11:20:36.0609 2708 SASKUTIL - ok
11:20:36.0640 2708 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:20:36.0640 2708 SCardSvr - ok
11:20:36.0671 2708 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:20:36.0687 2708 Schedule - ok
11:20:36.0718 2708 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:20:36.0718 2708 Secdrv - ok
11:20:36.0734 2708 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:20:36.0734 2708 seclogon - ok
11:20:36.0781 2708 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:20:36.0781 2708 SENS - ok
11:20:36.0843 2708 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:20:36.0843 2708 serenum - ok
11:20:36.0890 2708 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:20:36.0890 2708 Serial - ok
11:20:36.0937 2708 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:20:36.0937 2708 Sfloppy - ok
11:20:36.0953 2708 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:20:36.0953 2708 SharedAccess - ok
11:20:37.0000 2708 ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
11:20:37.0000 2708 ShellHWDetection - ok
11:20:37.0000 2708 Simbad - ok
11:20:37.0015 2708 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:20:37.0015 2708 SLIP - ok
11:20:37.0140 2708 SmcService (f3cc67ebbd33ec8d87be51169b5add6d) C:\Programme\Sygate\SPF\smc.exe
11:20:37.0156 2708 SmcService - ok
11:20:37.0265 2708 Sparrow - ok
11:20:37.0296 2708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:20:37.0296 2708 splitter - ok
11:20:37.0312 2708 Spooler (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
11:20:37.0312 2708 Spooler - ok
11:20:37.0375 2708 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:20:37.0390 2708 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:20:37.0390 2708 sptd ( LockedFile.Multi.Generic ) - warning
11:20:37.0390 2708 sptd - detected LockedFile.Multi.Generic (1)
11:20:37.0390 2708 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:20:37.0390 2708 sr - ok
11:20:37.0421 2708 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:20:37.0421 2708 srservice - ok
11:20:37.0468 2708 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
11:20:37.0468 2708 Srv - ok
11:20:37.0484 2708 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:20:37.0484 2708 SSDPSRV - ok
11:20:37.0531 2708 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:20:37.0531 2708 ssmdrv - ok
11:20:37.0593 2708 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:20:37.0609 2708 stisvc - ok
11:20:37.0656 2708 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:20:37.0656 2708 streamip - ok
11:20:37.0671 2708 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:20:37.0671 2708 swenum - ok
11:20:37.0687 2708 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:20:37.0687 2708 swmidi - ok
11:20:37.0687 2708 SwPrv - ok
11:20:37.0703 2708 symc810 - ok
11:20:37.0703 2708 symc8xx - ok
11:20:37.0718 2708 sym_hi - ok
11:20:37.0718 2708 sym_u3 - ok
11:20:37.0734 2708 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:20:37.0734 2708 sysaudio - ok
11:20:37.0843 2708 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:20:37.0843 2708 SysmonLog - ok
11:20:37.0875 2708 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:20:37.0890 2708 TapiSrv - ok
11:20:38.0187 2708 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:20:38.0234 2708 Tcpip - ok
11:20:38.0265 2708 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:20:38.0265 2708 TDPIPE - ok
11:20:38.0296 2708 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:20:38.0296 2708 TDTCP - ok
11:20:38.0390 2708 Teefer (64e59fcf5f81f55442e8476ce8e54ca0) C:\WINDOWS\system32\Drivers\Teefer.sys
11:20:38.0390 2708 Teefer - ok
11:20:38.0484 2708 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:20:38.0484 2708 TermDD - ok
11:20:38.0781 2708 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:20:38.0781 2708 TermService - ok
11:20:38.0921 2708 Themes (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
11:20:38.0921 2708 Themes - ok
11:20:39.0046 2708 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:20:39.0046 2708 TlntSvr - ok
11:20:39.0062 2708 TosIde - ok
11:20:39.0218 2708 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:20:39.0250 2708 TrkWks - ok
11:20:39.0484 2708 TuneUp.Defrag (233fcd3443cfbbaa27e7e463dccbc528) C:\WINDOWS\System32\TuneUpDefragService.exe
11:20:39.0515 2708 TuneUp.Defrag - ok
11:20:39.0640 2708 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:20:39.0656 2708 Udfs - ok
11:20:39.0656 2708 ultra - ok
11:20:39.0734 2708 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
11:20:39.0750 2708 UMWdf - ok
11:20:40.0000 2708 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:20:40.0062 2708 Update - ok
11:20:40.0234 2708 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:20:40.0265 2708 upnphost - ok
11:20:40.0328 2708 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:20:40.0343 2708 UPS - ok
11:20:40.0421 2708 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:20:40.0437 2708 usbccgp - ok
11:20:40.0484 2708 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:20:40.0484 2708 usbehci - ok
11:20:40.0578 2708 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:20:40.0593 2708 usbhub - ok
11:20:40.0640 2708 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:20:40.0656 2708 usbohci - ok
11:20:40.0734 2708 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:20:40.0734 2708 usbscan - ok
11:20:40.0796 2708 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:20:40.0796 2708 USBSTOR - ok
11:20:40.0968 2708 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:20:40.0984 2708 usbvideo - ok
11:20:41.0062 2708 UxTuneUp (d81cd7e761c1a52dec20f0d4eaea3259) C:\WINDOWS\System32\uxtuneup.dll
11:20:41.0062 2708 UxTuneUp - ok
11:20:41.0187 2708 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:20:41.0203 2708 VgaSave - ok
11:20:41.0203 2708 ViaIde - ok
11:20:41.0265 2708 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:20:41.0265 2708 VolSnap - ok
11:20:41.0437 2708 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:20:41.0453 2708 VSS - ok
11:20:42.0265 2708 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:20:42.0265 2708 vToolbarUpdater11.2.0 - ok
11:20:42.0453 2708 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:20:42.0468 2708 W32Time - ok
11:20:42.0531 2708 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:20:42.0546 2708 Wanarp - ok
11:20:42.0562 2708 WDICA - ok
11:20:42.0625 2708 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:20:42.0625 2708 wdmaud - ok
11:20:42.0703 2708 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:20:42.0703 2708 WebClient - ok
11:20:42.0765 2708 wg3n (8e95e30e9031c3ac25ec2455da19831f) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
11:20:42.0765 2708 wg3n - ok
11:20:42.0906 2708 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:20:42.0906 2708 winmgmt - ok
11:20:45.0359 2708 WMConnectCDS (f2e9fcb970d02e1647e185da1d2e3ca9) C:\Programme\Windows Media Connect 2\wmccds.exe
11:20:45.0375 2708 WMConnectCDS - ok
11:20:45.0406 2708 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
11:20:45.0406 2708 WmdmPmSN - ok
11:20:45.0453 2708 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:20:45.0468 2708 Wmi - ok
11:20:45.0546 2708 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:20:45.0546 2708 WmiApSrv - ok
11:20:45.0578 2708 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:20:45.0578 2708 WpdUsb - ok
11:20:45.0625 2708 wpsdrvnt (f62a090f00c5b4e597e8aa4b1048ce05) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
11:20:45.0625 2708 wpsdrvnt - ok
11:20:45.0703 2708 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:20:45.0703 2708 wscsvc - ok
11:20:45.0734 2708 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:20:45.0750 2708 WSTCODEC - ok
11:20:45.0765 2708 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:20:45.0796 2708 wuauserv - ok
11:20:45.0828 2708 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:20:45.0843 2708 WZCSVC - ok
11:20:45.0875 2708 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
11:20:45.0875 2708 X10Hid - ok
11:20:45.0937 2708 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
11:20:45.0937 2708 x10nets - ok
11:20:45.0968 2708 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:20:45.0984 2708 xmlprov - ok
11:20:46.0000 2708 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:20:46.0375 2708 \Device\Harddisk0\DR0 - ok
11:20:46.0406 2708 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
11:20:46.0406 2708 \Device\Harddisk1\DR1 - ok
11:20:46.0421 2708 Boot (0x1200) (81ae3a177e9078b4e937be843c0eaba0) \Device\Harddisk0\DR0\Partition0
11:20:46.0421 2708 \Device\Harddisk0\DR0\Partition0 - ok
11:20:46.0437 2708 Boot (0x1200) (dbcc142e0e15f327a4c89d64eef5a225) \Device\Harddisk0\DR0\Partition1
11:20:46.0437 2708 \Device\Harddisk0\DR0\Partition1 - ok
11:20:46.0453 2708 Boot (0x1200) (b26c80c4c9b431da9b3707e60d01a93a) \Device\Harddisk1\DR1\Partition0
11:20:46.0453 2708 \Device\Harddisk1\DR1\Partition0 - ok
11:20:46.0468 2708 Boot (0x1200) (74a09427f7ea5b0e27997f46a9cf8de4) \Device\Harddisk1\DR1\Partition1
11:20:46.0468 2708 \Device\Harddisk1\DR1\Partition1 - ok
11:20:46.0468 2708 ============================================================
11:20:46.0468 2708 Scan finished
11:20:46.0468 2708 ============================================================
11:20:46.0484 2716 Detected object count: 1
11:20:46.0484 2716 Actual detected object count: 1
11:21:26.0656 2716 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:21:26.0656 2716 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:21:32.0015 3040 ============================================================
11:21:32.0015 3040 Scan started
11:21:32.0015 3040 Mode: Manual; SigCheck; TDLFS;
11:21:32.0015 3040 ============================================================
11:21:32.0265 3040 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Programme\SUPERAntiSpyware\SASCORE.EXE
11:21:32.0359 3040 !SASCORE - ok
11:21:32.0375 3040 Abiosdsk - ok
11:21:32.0375 3040 abp480n5 - ok
11:21:32.0421 3040 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:21:32.0984 3040 ACPI - ok
11:21:33.0000 3040 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:21:33.0140 3040 ACPIEC - ok
11:21:33.0203 3040 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:21:33.0218 3040 AdobeFlashPlayerUpdateSvc - ok
11:21:33.0218 3040 adpu160m - ok
11:21:33.0234 3040 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:21:33.0359 3040 aec - ok
11:21:33.0390 3040 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:21:33.0421 3040 AFD - ok
11:21:33.0421 3040 Aha154x - ok
11:21:33.0437 3040 aic78u2 - ok
11:21:33.0437 3040 aic78xx - ok
11:21:33.0453 3040 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:21:33.0578 3040 Alerter - ok
11:21:33.0593 3040 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:21:33.0687 3040 ALG - ok
11:21:33.0687 3040 AliIde - ok
11:21:33.0781 3040 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:21:33.0859 3040 Ambfilt - ok
11:21:33.0921 3040 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
11:21:33.0953 3040 AmdLLD - ok
11:21:33.0953 3040 amsint - ok
11:21:34.0046 3040 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:21:34.0062 3040 AntiVirSchedulerService - ok
11:21:34.0093 3040 AntiVirService (8003169bb5b5cdc2be2dff4c95a88cd5) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:21:34.0109 3040 AntiVirService - ok
11:21:34.0125 3040 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:21:34.0250 3040 AppMgmt - ok
11:21:34.0281 3040 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:21:34.0406 3040 Arp1394 - ok
11:21:34.0406 3040 asc - ok
11:21:34.0406 3040 asc3350p - ok
11:21:34.0406 3040 asc3550 - ok
11:21:34.0484 3040 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:21:34.0500 3040 aspnet_state - ok
11:21:34.0515 3040 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:21:34.0625 3040 AsyncMac - ok
11:21:34.0656 3040 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:21:34.0765 3040 atapi - ok
11:21:34.0765 3040 Atdisk - ok
11:21:34.0796 3040 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:21:34.0890 3040 Atmarpc - ok
11:21:34.0921 3040 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:21:35.0031 3040 AudioSrv - ok
11:21:35.0062 3040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:21:35.0187 3040 audstub - ok
11:21:35.0203 3040 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:21:35.0203 3040 avgntflt - ok
11:21:35.0218 3040 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:21:35.0234 3040 avipbb - ok
11:21:35.0234 3040 avkmgr - ok
11:21:35.0265 3040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:21:35.0421 3040 Beep - ok
11:21:35.0468 3040 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:21:35.0562 3040 BITS - ok
11:21:35.0593 3040 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:21:35.0703 3040 Browser - ok
11:21:35.0734 3040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:21:35.0875 3040 cbidf2k - ok
11:21:35.0906 3040 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:21:36.0000 3040 CCDECODE - ok
11:21:36.0000 3040 cd20xrnt - ok
11:21:36.0031 3040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:21:36.0156 3040 Cdaudio - ok
11:21:36.0156 3040 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:21:36.0250 3040 Cdfs - ok
11:21:36.0296 3040 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:21:36.0390 3040 Cdrom - ok
11:21:36.0406 3040 Changer - ok
11:21:36.0406 3040 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:21:36.0531 3040 CiSvc - ok
11:21:36.0546 3040 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:21:36.0671 3040 ClipSrv - ok
11:21:36.0703 3040 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:21:36.0703 3040 clr_optimization_v2.0.50727_32 - ok
11:21:36.0703 3040 CmdIde - ok
11:21:36.0718 3040 COMSysApp - ok
11:21:36.0718 3040 Cpqarray - ok
11:21:36.0750 3040 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:21:36.0859 3040 CryptSvc - ok
11:21:36.0859 3040 dac2w2k - ok
11:21:36.0859 3040 dac960nt - ok
11:21:36.0906 3040 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:21:36.0968 3040 DcomLaunch - ok
11:21:37.0000 3040 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:21:37.0125 3040 Dhcp - ok
11:21:37.0125 3040 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:21:37.0250 3040 Disk - ok
11:21:37.0250 3040 dmadmin - ok
11:21:37.0312 3040 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:21:37.0421 3040 dmboot - ok
11:21:37.0421 3040 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:21:37.0546 3040 dmio - ok
11:21:37.0562 3040 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:21:37.0703 3040 dmload - ok
11:21:37.0718 3040 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:21:37.0828 3040 dmserver - ok
11:21:37.0843 3040 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:21:37.0953 3040 DMusic - ok
11:21:37.0953 3040 Dnscache (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll
11:21:38.0062 3040 Dnscache - ok
11:21:38.0078 3040 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:21:38.0187 3040 Dot3svc - ok
11:21:38.0187 3040 dpti2o - ok
11:21:38.0203 3040 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:21:38.0312 3040 drmkaud - ok
11:21:38.0328 3040 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:21:38.0421 3040 EapHost - ok
11:21:38.0453 3040 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:21:38.0562 3040 ERSvc - ok
11:21:38.0593 3040 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:21:38.0609 3040 Eventlog - ok
11:21:38.0656 3040 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:21:38.0687 3040 EventSystem - ok
11:21:38.0718 3040 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:21:38.0828 3040 Fastfat - ok
11:21:38.0859 3040 FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
11:21:38.0968 3040 FastUserSwitchingCompatibility - ok
11:21:38.0968 3040 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:21:39.0078 3040 Fdc - ok
11:21:39.0093 3040 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:21:39.0187 3040 Fips - ok
11:21:39.0187 3040 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:21:39.0296 3040 Flpydisk - ok
11:21:39.0328 3040 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:21:39.0421 3040 FltMgr - ok
11:21:39.0515 3040 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:21:39.0515 3040 FontCache3.0.0.0 - ok
11:21:39.0531 3040 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:21:39.0671 3040 Fs_Rec - ok
11:21:39.0687 3040 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:21:39.0828 3040 Ftdisk - ok
11:21:39.0843 3040 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:21:39.0921 3040 Gpc - ok
11:21:39.0937 3040 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:21:40.0046 3040 HDAudBus - ok
11:21:40.0078 3040 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:21:40.0171 3040 helpsvc - ok
11:21:40.0187 3040 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
11:21:40.0296 3040 HidServ - ok
11:21:40.0328 3040 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:21:40.0421 3040 hidusb - ok
11:21:40.0453 3040 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:21:40.0546 3040 hkmsvc - ok
11:21:40.0546 3040 hpn - ok
11:21:40.0578 3040 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
11:21:40.0687 3040 HTTP - ok
11:21:40.0703 3040 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:21:40.0812 3040 HTTPFilter - ok
11:21:40.0812 3040 i2omgmt - ok
11:21:40.0812 3040 i2omp - ok
11:21:40.0843 3040 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\drivers\i8042prt.sys
11:21:40.0937 3040 i8042prt - ok
11:21:41.0000 3040 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:21:41.0046 3040 idsvc - ok
11:21:41.0062 3040 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:21:41.0171 3040 Imapi - ok
11:21:41.0203 3040 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:21:41.0296 3040 ImapiService - ok
11:21:41.0312 3040 ini910u - ok
11:21:41.0562 3040 IntcAzAudAddService (55920481a44fa7bdde5fc1b9e02c7c2a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:21:41.0765 3040 IntcAzAudAddService - ok
11:21:41.0812 3040 IntelIde - ok
11:21:41.0843 3040 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:21:41.0953 3040 Ip6Fw - ok
11:21:41.0984 3040 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:21:42.0109 3040 IpFilterDriver - ok
11:21:42.0140 3040 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:21:42.0250 3040 IpInIp - ok
11:21:42.0265 3040 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:21:42.0375 3040 IpNat - ok
11:21:42.0375 3040 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:21:42.0484 3040 IPSec - ok
11:21:42.0515 3040 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:21:42.0609 3040 IRENUM - ok
11:21:42.0640 3040 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:21:42.0734 3040 isapnp - ok
11:21:42.0734 3040 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:21:42.0828 3040 Kbdclass - ok
11:21:42.0843 3040 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:21:42.0937 3040 kbdhid - ok
11:21:42.0968 3040 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:21:43.0062 3040 kmixer - ok
11:21:43.0078 3040 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
11:21:43.0171 3040 KSecDD - ok
11:21:43.0187 3040 lanmanserver (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
11:21:43.0281 3040 lanmanserver - ok
11:21:43.0312 3040 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:21:43.0359 3040 lanmanworkstation - ok
11:21:43.0359 3040 lbrtfdc - ok
11:21:43.0390 3040 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:21:43.0484 3040 LmHosts - ok
11:21:43.0500 3040 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:21:43.0593 3040 Messenger - ok
11:21:43.0625 3040 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:21:43.0750 3040 mnmdd - ok
11:21:43.0765 3040 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:21:43.0859 3040 mnmsrvc - ok
11:21:43.0875 3040 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:21:43.0968 3040 Modem - ok
11:21:44.0046 3040 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:21:44.0093 3040 Monfilt - ok
11:21:44.0109 3040 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:21:44.0203 3040 Mouclass - ok
11:21:44.0234 3040 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:21:44.0375 3040 mouhid - ok
11:21:44.0390 3040 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:21:44.0484 3040 MountMgr - ok
11:21:44.0484 3040 mraid35x - ok
11:21:44.0500 3040 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:21:44.0578 3040 MRxDAV - ok
11:21:44.0609 3040 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:21:44.0656 3040 MRxSmb - ok
11:21:44.0687 3040 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:21:44.0781 3040 MSDTC - ok
11:21:44.0796 3040 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:21:44.0890 3040 Msfs - ok
11:21:44.0890 3040 MSIServer - ok
11:21:44.0906 3040 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:21:45.0000 3040 MSKSSRV - ok
11:21:45.0015 3040 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:21:45.0109 3040 MSPCLOCK - ok
11:21:45.0109 3040 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:21:45.0203 3040 MSPQM - ok
11:21:45.0203 3040 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:21:45.0296 3040 mssmbios - ok
11:21:45.0312 3040 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:21:45.0421 3040 MSTEE - ok
11:21:45.0468 3040 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:21:45.0562 3040 Mup - ok
11:21:45.0593 3040 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:21:45.0703 3040 NABTSFEC - ok
11:21:45.0750 3040 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:21:45.0859 3040 napagent - ok
11:21:45.0921 3040 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:21:46.0015 3040 NDIS - ok
11:21:46.0031 3040 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:21:46.0140 3040 NdisIP - ok
11:21:46.0156 3040 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:21:46.0250 3040 NdisTapi - ok
11:21:46.0265 3040 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:21:46.0375 3040 Ndisuio - ok
11:21:46.0703 3040 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:21:46.0812 3040 NdisWan - ok
11:21:46.0921 3040 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:21:47.0031 3040 NDProxy - ok
11:21:47.0156 3040 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:21:47.0296 3040 NetBIOS - ok
11:21:47.0406 3040 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:21:47.0500 3040 NetBT - ok
11:21:47.0578 3040 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:21:47.0671 3040 NetDDE - ok
11:21:47.0671 3040 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:21:47.0765 3040 NetDDEdsdm - ok
11:21:47.0781 3040 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:21:47.0890 3040 Netlogon - ok
11:21:48.0125 3040 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:21:48.0250 3040 Netman - ok
11:21:48.0515 3040 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:21:48.0531 3040 NetTcpPortSharing - ok
11:21:48.0578 3040 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:21:48.0703 3040 NIC1394 - ok
11:21:49.0078 3040 Nla (acd8bd448a74f344d46fcaf21bab92af) C:\WINDOWS\System32\mswsock.dll
11:21:49.0156 3040 Nla - ok
11:21:49.0218 3040 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:21:49.0328 3040 Npfs - ok
11:21:49.0734 3040 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:21:49.0875 3040 Ntfs - ok
11:21:49.0875 3040 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:21:49.0968 3040 NtLmSsp - ok
11:21:50.0375 3040 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:21:50.0531 3040 NtmsSvc - ok
11:21:50.0593 3040 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:21:50.0734 3040 Null - ok
11:21:51.0359 3040 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:21:52.0578 3040 nv - ok
11:21:53.0265 3040 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
11:21:53.0281 3040 NVHDA - ok
11:21:53.0312 3040 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
11:21:53.0328 3040 NVSvc - ok
11:21:53.0875 3040 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:21:53.0968 3040 nvUpdatusService - ok
11:21:54.0046 3040 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:21:54.0187 3040 NwlnkFlt - ok
11:21:54.0187 3040 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:21:54.0328 3040 NwlnkFwd - ok
11:21:54.0375 3040 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:21:54.0468 3040 ohci1394 - ok
11:21:54.0484 3040 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
11:21:54.0593 3040 Parport - ok
11:21:54.0593 3040 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:21:54.0671 3040 PartMgr - ok
11:21:54.0703 3040 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:21:54.0843 3040 ParVdm - ok
11:21:54.0843 3040 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:21:54.0937 3040 PCI - ok
11:21:54.0937 3040 PCIDump - ok
11:21:54.0968 3040 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:21:55.0093 3040 PCIIde - ok
11:21:55.0125 3040 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:21:55.0234 3040 Pcmcia - ok
11:21:55.0234 3040 PDCOMP - ok
11:21:55.0234 3040 PDFRAME - ok
11:21:55.0234 3040 PDRELI - ok
11:21:55.0250 3040 PDRFRAME - ok
11:21:55.0250 3040 perc2 - ok
11:21:55.0250 3040 perc2hib - ok
11:21:55.0296 3040 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:21:55.0312 3040 PlugPlay - ok
11:21:55.0328 3040 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:21:55.0406 3040 PolicyAgent - ok
11:21:55.0421 3040 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:21:55.0531 3040 PptpMiniport - ok
11:21:55.0546 3040 PQNTDrv (7e8be4d11f5ac1e5cae42719a7230508) C:\WINDOWS\system32\drivers\PQNTDrv.sys
11:21:55.0562 3040 PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
11:21:55.0562 3040 PQNTDrv - detected UnsignedFile.Multi.Generic (1)
11:21:55.0578 3040 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
11:21:55.0671 3040 Processor - ok
11:21:55.0671 3040 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:21:55.0750 3040 ProtectedStorage - ok
11:21:55.0765 3040 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:21:55.0843 3040 PSched - ok
11:21:55.0859 3040 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:21:56.0000 3040 Ptilink - ok
11:21:56.0000 3040 ql1080 - ok
11:21:56.0000 3040 Ql10wnt - ok
11:21:56.0015 3040 ql12160 - ok
11:21:56.0015 3040 ql1240 - ok
11:21:56.0015 3040 ql1280 - ok
11:21:56.0031 3040 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:21:56.0156 3040 RasAcd - ok
11:21:56.0187 3040 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:21:56.0296 3040 RasAuto - ok
11:21:56.0312 3040 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:21:56.0406 3040 Rasl2tp - ok
11:21:56.0437 3040 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:21:56.0531 3040 RasMan - ok
11:21:56.0546 3040 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:21:56.0625 3040 RasPppoe - ok
11:21:56.0625 3040 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:21:56.0765 3040 Raspti - ok
11:21:56.0781 3040 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:21:56.0859 3040 Rdbss - ok
11:21:56.0875 3040 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:21:56.0984 3040 RDPCDD - ok
11:21:57.0031 3040 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:21:57.0109 3040 rdpdr - ok
11:21:57.0140 3040 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:21:57.0234 3040 RDPWD - ok
11:21:57.0265 3040 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:21:57.0375 3040 RDSessMgr - ok
11:21:57.0390 3040 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:21:57.0484 3040 redbook - ok
11:21:57.0500 3040 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:21:57.0593 3040 RemoteAccess - ok
11:21:57.0625 3040 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:21:57.0718 3040 RemoteRegistry - ok
11:21:57.0734 3040 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:21:57.0828 3040 RpcLocator - ok
11:21:57.0859 3040 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:21:57.0906 3040 RpcSs - ok
11:21:57.0953 3040 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:21:58.0078 3040 RSVP - ok
11:21:58.0109 3040 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
11:21:58.0171 3040 RTL8023xp - ok
11:21:58.0187 3040 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
11:21:58.0296 3040 rtl8139 - ok
11:21:58.0328 3040 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:21:58.0406 3040 SamSs - ok
11:21:58.0484 3040 SASDIFSV (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
11:21:58.0500 3040 SASDIFSV - ok
11:21:58.0515 3040 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
11:21:58.0515 3040 SASKUTIL - ok
11:21:58.0546 3040 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:21:58.0640 3040 SCardSvr - ok
11:21:58.0671 3040 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:21:58.0765 3040 Schedule - ok
11:21:58.0796 3040 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:21:58.0875 3040 Secdrv - ok
11:21:58.0890 3040 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:21:58.0984 3040 seclogon - ok
11:21:58.0984 3040 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:21:59.0078 3040 SENS - ok
11:21:59.0093 3040 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:21:59.0171 3040 serenum - ok
11:21:59.0187 3040 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:21:59.0281 3040 Serial - ok
11:21:59.0296 3040 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:21:59.0390 3040 Sfloppy - ok
11:21:59.0437 3040 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:21:59.0531 3040 SharedAccess - ok
11:21:59.0546 3040 ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
11:21:59.0640 3040 ShellHWDetection - ok
11:21:59.0640 3040 Simbad - ok
11:21:59.0671 3040 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:21:59.0765 3040 SLIP - ok
11:21:59.0890 3040 SmcService (f3cc67ebbd33ec8d87be51169b5add6d) C:\Programme\Sygate\SPF\smc.exe
11:21:59.0953 3040 SmcService - ok
11:22:00.0015 3040 Sparrow - ok
11:22:00.0062 3040 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:22:00.0156 3040 splitter - ok
11:22:00.0171 3040 Spooler (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe
11:22:00.0265 3040 Spooler - ok
11:22:00.0312 3040 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:22:00.0312 3040 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:22:00.0312 3040 sptd ( LockedFile.Multi.Generic ) - warning
11:22:00.0312 3040 sptd - detected LockedFile.Multi.Generic (1)
11:22:00.0328 3040 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:22:00.0406 3040 sr - ok
11:22:00.0437 3040 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:22:00.0531 3040 srservice - ok
11:22:00.0578 3040 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
11:22:00.0625 3040 Srv - ok
11:22:00.0640 3040 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:22:00.0734 3040 SSDPSRV - ok
11:22:00.0765 3040 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:22:00.0765 3040 ssmdrv - ok
11:22:00.0812 3040 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:22:00.0953 3040 stisvc - ok
11:22:00.0968 3040 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:22:01.0062 3040 streamip - ok
11:22:01.0078 3040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:22:01.0171 3040 swenum - ok
11:22:01.0187 3040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:22:01.0265 3040 swmidi - ok
11:22:01.0281 3040 SwPrv - ok
11:22:01.0281 3040 symc810 - ok
11:22:01.0281 3040 symc8xx - ok
11:22:01.0281 3040 sym_hi - ok
11:22:01.0296 3040 sym_u3 - ok
11:22:01.0312 3040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:22:01.0406 3040 sysaudio - ok
11:22:01.0421 3040 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:22:01.0531 3040 SysmonLog - ok
11:22:01.0546 3040 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:22:01.0640 3040 TapiSrv - ok
11:22:01.0687 3040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:22:01.0718 3040 Tcpip - ok
11:22:01.0734 3040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:22:01.0828 3040 TDPIPE - ok
11:22:01.0843 3040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:22:01.0937 3040 TDTCP - ok
11:22:01.0984 3040 Teefer (64e59fcf5f81f55442e8476ce8e54ca0) C:\WINDOWS\system32\Drivers\Teefer.sys
11:22:02.0000 3040 Teefer ( UnsignedFile.Multi.Generic ) - warning
11:22:02.0000 3040 Teefer - detected UnsignedFile.Multi.Generic (1)
11:22:02.0000 3040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:22:02.0093 3040 TermDD - ok
11:22:02.0125 3040 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:22:02.0218 3040 TermService - ok
11:22:02.0234 3040 Themes (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll
11:22:02.0328 3040 Themes - ok
11:22:02.0343 3040 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:22:02.0453 3040 TlntSvr - ok
11:22:02.0453 3040 TosIde - ok
11:22:02.0500 3040 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:22:02.0578 3040 TrkWks - ok
11:22:02.0625 3040 TuneUp.Defrag (233fcd3443cfbbaa27e7e463dccbc528) C:\WINDOWS\System32\TuneUpDefragService.exe
11:22:02.0625 3040 TuneUp.Defrag - ok
11:22:02.0640 3040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:22:02.0734 3040 Udfs - ok
11:22:02.0750 3040 ultra - ok
11:22:02.0765 3040 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
11:22:02.0812 3040 UMWdf - ok
11:22:02.0843 3040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:22:02.0968 3040 Update - ok
11:22:03.0015 3040 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:22:03.0109 3040 upnphost - ok
11:22:03.0140 3040 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:22:03.0218 3040 UPS - ok
11:22:03.0250 3040 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:22:03.0343 3040 usbccgp - ok
11:22:03.0359 3040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:22:03.0453 3040 usbehci - ok
11:22:03.0468 3040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:22:03.0562 3040 usbhub - ok
11:22:03.0593 3040 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:22:03.0671 3040 usbohci - ok
11:22:03.0703 3040 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:22:03.0796 3040 usbscan - ok
11:22:03.0796 3040 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:22:03.0906 3040 USBSTOR - ok
11:22:03.0921 3040 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:22:04.0031 3040 usbvideo - ok
11:22:04.0031 3040 UxTuneUp (d81cd7e761c1a52dec20f0d4eaea3259) C:\WINDOWS\System32\uxtuneup.dll
11:22:04.0046 3040 UxTuneUp - ok
11:22:04.0046 3040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:22:04.0140 3040 VgaSave - ok
11:22:04.0140 3040 ViaIde - ok
11:22:04.0156 3040 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:22:04.0234 3040 VolSnap - ok
11:22:04.0281 3040 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:22:04.0375 3040 VSS - ok
11:22:04.0500 3040 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:22:04.0531 3040 vToolbarUpdater11.2.0 - ok
11:22:04.0578 3040 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:22:04.0671 3040 W32Time - ok
11:22:04.0687 3040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:22:04.0781 3040 Wanarp - ok
11:22:04.0781 3040 WDICA - ok
11:22:04.0796 3040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:22:04.0890 3040 wdmaud - ok
11:22:04.0906 3040 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:22:05.0000 3040 WebClient - ok
11:22:05.0031 3040 wg3n (8e95e30e9031c3ac25ec2455da19831f) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
11:22:05.0046 3040 wg3n ( UnsignedFile.Multi.Generic ) - warning
11:22:05.0046 3040 wg3n - detected UnsignedFile.Multi.Generic (1)
11:22:05.0109 3040 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:22:05.0203 3040 winmgmt - ok
11:22:05.0312 3040 WMConnectCDS (f2e9fcb970d02e1647e185da1d2e3ca9) C:\Programme\Windows Media Connect 2\wmccds.exe
11:22:05.0359 3040 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
11:22:05.0359 3040 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
11:22:05.0406 3040 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
11:22:05.0437 3040 WmdmPmSN - ok
11:22:05.0484 3040 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:22:05.0531 3040 Wmi - ok
11:22:05.0546 3040 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:22:05.0640 3040 WmiApSrv - ok
11:22:05.0703 3040 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
11:22:05.0718 3040 WpdUsb - ok
11:22:05.0750 3040 wpsdrvnt (f62a090f00c5b4e597e8aa4b1048ce05) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
11:22:05.0750 3040 wpsdrvnt ( UnsignedFile.Multi.Generic ) - warning
11:22:05.0750 3040 wpsdrvnt - detected UnsignedFile.Multi.Generic (1)
11:22:05.0781 3040 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
11:22:05.0875 3040 wscsvc - ok
11:22:05.0890 3040 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:22:06.0000 3040 WSTCODEC - ok
11:22:06.0000 3040 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:22:06.0093 3040 wuauserv - ok
11:22:06.0140 3040 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:22:06.0265 3040 WZCSVC - ok
11:22:06.0296 3040 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
11:22:06.0328 3040 X10Hid - ok
11:22:06.0406 3040 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
11:22:06.0437 3040 x10nets ( UnsignedFile.Multi.Generic ) - warning
11:22:06.0437 3040 x10nets - detected UnsignedFile.Multi.Generic (1)
11:22:06.0468 3040 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:22:06.0546 3040 xmlprov - ok
11:22:06.0593 3040 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
11:22:07.0078 3040 \Device\Harddisk0\DR0 - ok
11:22:07.0125 3040 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
11:22:07.0250 3040 \Device\Harddisk1\DR1 - ok
11:22:07.0250 3040 Boot (0x1200) (81ae3a177e9078b4e937be843c0eaba0) \Device\Harddisk0\DR0\Partition0
11:22:07.0250 3040 \Device\Harddisk0\DR0\Partition0 - ok
11:22:07.0265 3040 Boot (0x1200) (dbcc142e0e15f327a4c89d64eef5a225) \Device\Harddisk0\DR0\Partition1
11:22:07.0265 3040 \Device\Harddisk0\DR0\Partition1 - ok
11:22:07.0296 3040 Boot (0x1200) (b26c80c4c9b431da9b3707e60d01a93a) \Device\Harddisk1\DR1\Partition0
11:22:07.0296 3040 \Device\Harddisk1\DR1\Partition0 - ok
11:22:07.0312 3040 Boot (0x1200) (74a09427f7ea5b0e27997f46a9cf8de4) \Device\Harddisk1\DR1\Partition1
11:22:07.0328 3040 \Device\Harddisk1\DR1\Partition1 - ok
11:22:07.0328 3040 ============================================================
11:22:07.0328 3040 Scan finished
11:22:07.0328 3040 ============================================================
11:22:07.0437 2964 Detected object count: 7
11:22:07.0437 2964 Actual detected object count: 7
11:25:14.0921 2964 PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:14.0921 2964 PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:14.0921 2964 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:25:14.0921 2964 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:25:14.0921 2964 Teefer ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:14.0921 2964 Teefer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:14.0921 2964 wg3n ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:14.0921 2964 wg3n ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:14.0921 2964 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:14.0921 2964 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:14.0921 2964 wpsdrvnt ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:14.0921 2964 wpsdrvnt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:14.0937 2964 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:14.0937 2964 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
29.06.2012, 12:26
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs TrojanerCode:
ATTFilter DRV - [2004.02.02 11:53:28 | 000,018,518 | ---- | M] (Sygate Technologies, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys -- (wpsdrvnt)
DRV - [2004.02.02 11:51:04 | 000,055,891 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Teefer.sys -- (Teefer)
DRV - [2004.02.02 11:37:32 | 000,011,914 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
 Bitte umgehend deinstallieren und die Windows-Firewall aktivieren!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.06.2012, 14:06
| #21 |
| | Windows verschluesselungs Trojaner JA der Rechner ist alt und hab den so gelassen wie ich ihn bekommen hab ^^ Aber hab es nun Deinstalliert und die Windows Firewall aktiviert. |
|
29.06.2012, 14:38
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs Trojaner Nur weil die Hardware etwas älter ist, ist das kein Argument eine uralte kontraproduktive Software weiterzuverwenden.... Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.06.2012, 15:06
| #23 |
| | Windows verschluesselungs Trojaner ComboFix Log: Code:
ATTFilter Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1376 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Eigene Dateien\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\uninst.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 ))))))))))))))))))))))))))))))
.
.
2012-06-28 10:32 . 2012-06-28 10:32 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2012-06-28 10:27 . 2012-06-28 10:32 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Temp
2012-06-28 10:27 . 2012-06-28 10:27 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2012-06-28 10:24 . 2012-06-28 10:24 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\SUPERAntiSpyware.com
2012-06-28 10:24 . 2012-06-28 12:43 -------- d-----w- c:\programme\Google
2012-06-28 10:22 . 2012-06-28 10:24 -------- d-----w- c:\programme\SUPERAntiSpyware
2012-06-28 10:22 . 2012-06-28 10:22 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2012-06-27 13:19 . 2012-06-27 13:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 13:19 . 2012-06-27 13:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-27 11:21 . 2012-06-27 11:21 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
2012-06-27 01:47 . 2012-06-27 01:47 -------- d-----w- c:\programme\ESET
2012-06-27 01:06 . 2012-06-27 01:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WinZip
2012-06-27 01:06 . 2012-06-27 01:06 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AVG Secure Search
2012-06-27 01:06 . 2012-06-27 01:06 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\AVG Secure Search
2012-06-27 01:06 . 2012-06-27 01:06 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Secure Search
2012-06-27 01:06 . 2012-06-27 01:06 -------- d-----w- c:\programme\Gemeinsame Dateien\AVG Secure Search
2012-06-27 01:06 . 2012-06-27 01:06 -------- d-----w- c:\programme\AVG Secure Search
2012-06-27 01:01 . 2012-06-27 01:01 -------- d-----w- c:\programme\7-Zip
2012-06-27 00:29 . 2012-06-27 00:29 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2012-06-27 00:29 . 2012-06-27 00:29 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-06-27 00:29 . 2012-06-27 00:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-27 00:29 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 05:57 . 2012-06-27 01:09 -------- dc--a-w- C:\_OTL
2012-06-23 05:57 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2012-06-20 20:59 . 2012-06-20 20:59 -------- d--h--w- c:\windows\PIF
2012-06-13 10:34 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2012-06-13 10:34 . 2012-06-13 10:34 -------- d-----w- c:\programme\AMD
2012-06-13 06:17 . 2012-06-27 19:02 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Sony Online Entertainment
2012-06-13 06:17 . 2012-06-13 10:10 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SCE
2012-06-13 06:17 . 2012-06-13 06:17 -------- d-----w- C:\Crash
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 01:09 . 2012-06-27 01:09 148529 ----a-w- C:\_OTL.zip
2012-06-27 00:58 . 2012-06-26 23:02 78458 ----a-w- C:\Neu ZIP-komprimierter Ordner.zip
2012-02-18 13:09 . 2011-05-06 19:51 134104 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-27 01:06 2074208 ----a-w- c:\programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-27 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"amd_dc_opt"="c:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"vProt"="c:\programme\AVG Secure Search\vprot.exe" [2012-06-27 1107552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
WinZip Quick Pick.lnk - c:\programme\WinZip\WZQKPICK32.EXE [2012-5-8 603536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.03.2011 16:56 691696]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 01:38 116608]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [16.01.2012 18:34 2253120]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [27.06.2012 03:06 935008]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [16.01.2012 18:32 119656]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [01.03.2011 22:53 7040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [03.03.2011 20:09 136360]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.06.2012 15:19 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.03.2011 21:41 1691480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-15 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClick.exe [2007-12-14 12:17]
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 13:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={1333F293-D1E4-43DB-B144-97BC96C686FE}&mid=0fae7cf938f14f9695baa358852ab649-9cb98b6180e3c1e8b4293ba0f26efc64a66ca036&lang=de&ds=hk011&pr=sa&d=2012-06-27 03:06&v=11.1.0.12&sap=hp
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\m5lm4pdc.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B9323ace6-796d-416e-9b2c-3ff63ff69a64%7D&mid=0fae7cf938f14f9695baa358852ab649-9cb98b6180e3c1e8b4293ba0f26efc64a66ca036&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-06-27%2003%3A06%3A35&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9323ace6-796d-416e-9b2c-3ff63ff69a64%7D&mid=0fae7cf938f14f9695baa358852ab649-9cb98b6180e3c1e8b4293ba0f26efc64a66ca036&ds=hk011&v=11.1.0.12&lang=de&pr=sa&d=2012-06-27%2003%3A06%3A35&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-AtiExtEvent - (no file)
AddRemove-Origin - d:\origin\OriginUninstall.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-29 16:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2012-06-29 16:05:16
ComboFix-quarantined-files.txt 2012-06-29 14:05
.
Vor Suchlauf: 10 Verzeichnis(se), 20.158.140.416 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 20.106.006.528 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - BA2389254EA55B9AB597A4129D2D2D15
|
|
29.06.2012, 22:50
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs Trojaner Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.07.2012, 21:05
| #25 |
| | Windows verschluesselungs Trojaner GMER Log: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-01 21:24:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1600JD-55HBB0 rev.08.02D08
Running: zye5pwl4.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fwadraob.sys
---- System - GMER 1.0.15 ----
SSDT B879661C ZwClose
SSDT B87965D6 ZwCreateKey
SSDT B8796626 ZwCreateSection
SSDT B87965CC ZwCreateThread
SSDT B87965DB ZwDeleteKey
SSDT B87965E5 ZwDeleteValueKey
SSDT B8796617 ZwDuplicateObject
SSDT spvt.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spvt.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT B87965EA ZwLoadKey
SSDT spvt.sys ZwOpenKey [0xB7EB50C0]
SSDT B87965B8 ZwOpenProcess
SSDT B87965BD ZwOpenThread
SSDT spvt.sys ZwQueryKey [0xB7ECE20A]
SSDT spvt.sys ZwQueryValueKey [0xB7ECE08A]
SSDT B87965F4 ZwReplaceKey
SSDT B87965EF ZwRestoreKey
SSDT B879662B ZwSetContextThread
SSDT B87965E0 ZwSetValueKey
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB43A0640]
INT 0x62 ? 89E52BF8
INT 0x63 ? 89BDABF8
INT 0x63 ? 89BDABF8
INT 0x73 ? 89E52BF8
INT 0x94 ? 89BDABF8
INT 0xA4 ? 89BDABF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D58 805045F4 4 Bytes JMP F8B87965
? spvt.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F53380, 0x8D6CD5, 0xE8000020]
.text USBPORT.SYS!DllUnload B6F0B8AC 5 Bytes JMP 89BDA1D8
.text awetq1vo.SYS B6E77386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awetq1vo.SYS B6E773AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awetq1vo.SYS B6E773C4 3 Bytes [00, 80, 02]
.text awetq1vo.SYS B6E773C9 1 Byte [30]
.text awetq1vo.SYS B6E773C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spvt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spvt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spvt.sys
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\awetq1vo.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89E511F8
Device \FileSystem\Fastfat \FatCdrom 895A61F8
Device \Driver\usbohci \Device\USBPDO-0 89B061F8
Device \Driver\usbohci \Device\USBPDO-1 89B061F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE41F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DE41F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DE41F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DE41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B18B733E-2042-4CE9-ABD5-4FC757C55011} 898091F8
Device \Driver\usbohci \Device\USBPDO-2 89B061F8
Device \Driver\usbohci \Device\USBPDO-3 89B061F8
Device \Driver\usbohci \Device\USBPDO-4 89B061F8
Device \Driver\PCI_PNP5088 \Device\00000049 spvt.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E531F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E531F8
Device \Driver\Cdrom \Device\CdRom0 89BEA3B0
Device \Driver\atapi \Device\Ide\IdePort0 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1b [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E08B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E531F8
Device \Driver\Cdrom \Device\CdRom1 89BEA3B0
Device \Driver\Ftdisk \Device\HarddiskVolume4 89E531F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 898091F8
Device \Driver\NetBT \Device\NetbiosSmb 898091F8
Device \Driver\usbohci \Device\USBFDO-0 89B061F8
Device \Driver\usbohci \Device\USBFDO-1 89B061F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 895A71F8
Device \Driver\usbohci \Device\USBFDO-2 89B061F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 895A71F8
Device \Driver\usbohci \Device\USBFDO-3 89B061F8
Device \Driver\Ftdisk \Device\FtControl 89E531F8
Device \Driver\sptd \Device\2130625088 spvt.sys
Device \Driver\usbohci \Device\USBFDO-4 89B061F8
Device \Driver\awetq1vo \Device\Scsi\awetq1vo1 89B1D500
Device \Driver\awetq1vo \Device\Scsi\awetq1vo1Port4Path0Target0Lun0 89B1D500
Device \FileSystem\Fastfat \Fat 895A61F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 89B9A500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0xC4 0xF2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0xFC 0x46 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0xDD 0xF8 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0xC4 0xF2 0x6A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB9 0xFC 0x46 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0xDD 0xF8 0x75 ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:40:10 on 01.07.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\OneClick.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl (File found, but it contains no detailed information) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - ? - C:\WINDOWS\System32\DRIVERS\avkmgr.sys (File not found) "awetq1vo" (awetq1vo) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\awetq1vo.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "fwadraob" (fwadraob) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fwadraob.sys (Hidden registry entry, rootkit activity | File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Programme\WinZip\WZQKPICK32.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "amd_dc_opt" - "AMD" - C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login "nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet "vProt" - ? - "C:\Programme\AVG Secure Search\vprot.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "vToolbarUpdater11.2.0" (vToolbarUpdater11.2.0) - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\WINDOWS\system32\Aquarium.scr (File found, but it contains no detailed information) -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-01 21:48:28
-----------------------------
21:48:28.468 OS Version: Windows 5.1.2600 Service Pack 3
21:48:28.468 Number of processors: 2 586 0x4B02
21:48:28.468 ComputerName: JOHNDOO-7214670 UserName: Administrator
21:48:28.859 Initialize success
21:50:47.250 AVAST engine defs: 12070101
21:53:29.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:53:29.000 Disk 0 Vendor: WDC_WD1600JD-55HBB0 08.02D08 Size: 152627MB BusType: 3
21:53:29.000 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
21:53:29.000 Disk 1 Vendor: WDC_WD1600JD-55HBB0 08.02D08 Size: 152627MB BusType: 3
21:53:29.015 Disk 0 MBR read successfully
21:53:29.015 Disk 0 MBR scan
21:53:29.062 Disk 0 Windows XP default MBR code
21:53:29.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 32733 MB offset 63
21:53:29.078 Disk 0 Partition - 00 0F Extended LBA 119891 MB offset 67039245
21:53:29.109 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 119891 MB offset 67039308
21:53:29.125 Disk 0 scanning sectors +312576705
21:53:29.343 Disk 0 scanning C:\WINDOWS\system32\drivers
21:53:55.468 Service scanning
21:54:03.812 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:54:06.562 Modules scanning
21:54:31.171 Disk 0 trace - called modules:
21:54:31.203 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvt.sys >>UNKNOWN [0x89e04938]<<
21:54:31.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89dacab8]
21:54:31.203 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000068[0x89db4e98]
21:54:31.203 5 ACPI.sys[b7e73620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89d2c940]
21:54:31.343 AVAST engine scan C:\WINDOWS
21:54:55.390 AVAST engine scan C:\WINDOWS\system32
22:00:17.750 AVAST engine scan C:\WINDOWS\system32\drivers
22:00:52.312 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
22:02:48.343 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
22:02:48.343 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"
Geändert von Can1993 (01.07.2012 um 21:25 Uhr) |
|
02.07.2012, 11:11
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 12:10
| #27 |
| | Windows verschluesselungs Trojaner Malwarebytes Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.26.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Administrator :: JOHNDOO-7214670 [Administrator] 02.07.2012 12:48:53 mbam-log-2012-07-02 (12-48-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 295076 Laufzeit: 19 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/02/2012 at 01:35 PM
Application Version : 5.1.1002
Core Rules Database Version : 8812
Trace Rules Database Version: 6624
Scan type : Complete Scan
Total Scan Time : 00:17:12
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 351
Memory threats detected : 0
Registry items scanned : 33906
Registry threats detected : 0
File items scanned : 30343
File threats detected : 5
Trojan.VXGame-Variant/D
D:\UNREALTOURNAMENT.GAMES\NETGAMESUSA.COM\NGSTATS\SPAWNBROWSER.EXE
D:\UNREALTOURNAMENT.GAMES\NETGAMESUSA.COM\NGWORLDSTATS\BIN\NGWORLDSTATS.EXE
Adware.Tracking Cookie
media.trafficfactory.biz [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Z7QSE6WT ]
vht.tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Z7QSE6WT ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\M5LM4PDC.DEFAULT\COOKIES.SQLITE ]
Geändert von Can1993 (02.07.2012 um 12:22 Uhr) |
|
02.07.2012, 14:15
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs TrojanerCode:
ATTFilter Trojan.VXGame-Variant/D
D:\UNREALTOURNAMENT.GAMES\NETGAMESUSA.COM\NGSTATS\SPAWNBROWSER.EXE
D:\UNREALTOURNAMENT.GAMES\NETGAMESUSA.COM\NGWORLDSTATS\BIN\NGWORLDSTATS.EXE
Code:
ATTFilter Datenbank Version: v2012.06.26.07
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 18:34
| #29 |
| | Windows verschluesselungs Trojaner Sorry ganz vergessen hier das neue Malware Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.02.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Administrator :: JOHNDOO-7214670 [Administrator] 02.07.2012 19:13:12 mbam-log-2012-07-02 (19-13-12).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 294201 Laufzeit: 18 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
03.07.2012, 11:41
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows verschluesselungs Trojaner Sieht ok aus, da wurden nur Cookies gefunden. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows verschluesselungs Trojaner |
| adobe, antivir, avira, bildschirm, booten, desktop, disabletaskmgr, einstellungen, error, euro, explorer, firefox, flash player, fontcache, homepage, infizierte, logfile, netzwerk, problem, realtek, registry, scan, software, trojane, trojaner, windows, windows xp |
Linear-Darstellung
