| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.07.2012, 13:29
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
25.07.2012, 14:54
| #17 |
 | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Code:
ATTFilter 15:50:26.0281 0424 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:50:26.0593 0424 ============================================================
15:50:26.0593 0424 Current date / time: 2012/07/25 15:50:26.0593
15:50:26.0593 0424 SystemInfo:
15:50:26.0593 0424
15:50:26.0593 0424 OS Version: 5.1.2600 ServicePack: 3.0
15:50:26.0593 0424 Product type: Workstation
15:50:26.0593 0424 ComputerName: LABECKA
15:50:26.0593 0424 UserName: rebecca
15:50:26.0593 0424 Windows directory: C:\WINDOWS
15:50:26.0593 0424 System windows directory: C:\WINDOWS
15:50:26.0593 0424 Processor architecture: Intel x86
15:50:26.0593 0424 Number of processors: 2
15:50:26.0593 0424 Page size: 0x1000
15:50:26.0593 0424 Boot type: Normal boot
15:50:26.0593 0424 ============================================================
15:50:28.0031 0424 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
15:50:28.0031 0424 ============================================================
15:50:28.0031 0424 \Device\Harddisk0\DR0:
15:50:28.0031 0424 MBR partitions:
15:50:28.0031 0424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC350151
15:50:28.0046 0424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC3501CF, BlocksNum 0x2E0346C1
15:50:28.0046 0424 ============================================================
15:50:28.0093 0424 D: <-> \Device\Harddisk0\DR0\Partition1
15:50:28.0140 0424 C: <-> \Device\Harddisk0\DR0\Partition0
15:50:28.0140 0424 ============================================================
15:50:28.0140 0424 Initialize success
15:50:28.0140 0424 ============================================================
15:51:20.0546 2520 ============================================================
15:51:20.0546 2520 Scan started
15:51:20.0546 2520 Mode: Manual; SigCheck; TDLFS;
15:51:20.0546 2520 ============================================================
15:51:20.0937 2520 Abiosdsk - ok
15:51:20.0937 2520 abp480n5 - ok
15:51:20.0984 2520 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:51:22.0156 2520 ACPI - ok
15:51:22.0187 2520 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
15:51:22.0328 2520 ACPIEC - ok
15:51:22.0359 2520 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:51:22.0406 2520 ADIHdAudAddService - ok
15:51:22.0484 2520 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:51:22.0500 2520 AdobeFlashPlayerUpdateSvc - ok
15:51:22.0515 2520 adpu160m - ok
15:51:22.0531 2520 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
15:51:22.0562 2520 AEAudioService - ok
15:51:22.0578 2520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:51:22.0703 2520 aec - ok
15:51:22.0750 2520 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:51:22.0796 2520 AFD - ok
15:51:22.0812 2520 Aha154x - ok
15:51:22.0812 2520 aic78u2 - ok
15:51:22.0812 2520 aic78xx - ok
15:51:22.0843 2520 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
15:51:22.0968 2520 Alerter - ok
15:51:22.0984 2520 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
15:51:23.0109 2520 ALG - ok
15:51:23.0109 2520 AliIde - ok
15:51:23.0125 2520 amsint - ok
15:51:23.0203 2520 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
15:51:23.0218 2520 AntiVirSchedulerService - ok
15:51:23.0234 2520 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
15:51:23.0250 2520 AntiVirService - ok
15:51:23.0296 2520 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:51:23.0312 2520 Apple Mobile Device - ok
15:51:23.0343 2520 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
15:51:23.0468 2520 AppMgmt - ok
15:51:23.0500 2520 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:51:23.0625 2520 Arp1394 - ok
15:51:23.0625 2520 asc - ok
15:51:23.0625 2520 asc3350p - ok
15:51:23.0640 2520 asc3550 - ok
15:51:23.0703 2520 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:51:23.0765 2520 aspnet_state - ok
15:51:23.0781 2520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:51:23.0906 2520 AsyncMac - ok
15:51:23.0953 2520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:51:24.0062 2520 atapi - ok
15:51:24.0078 2520 Atdisk - ok
15:51:24.0125 2520 Ati HotKey Poller (b921d1790a8ef84b2dbdeeef4909fba1) C:\WINDOWS\system32\Ati2evxx.exe
15:51:24.0218 2520 Ati HotKey Poller - ok
15:51:24.0421 2520 ati2mtag (5a13723fb8bfdd2090defb2d0cb98a27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:51:24.0546 2520 ati2mtag - ok
15:51:24.0656 2520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:51:24.0765 2520 Atmarpc - ok
15:51:24.0796 2520 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
15:51:24.0921 2520 AudioSrv - ok
15:51:24.0953 2520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:51:25.0046 2520 audstub - ok
15:51:25.0093 2520 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:51:25.0156 2520 avgntflt - ok
15:51:25.0171 2520 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:51:25.0187 2520 avipbb - ok
15:51:25.0203 2520 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:51:25.0218 2520 avkmgr - ok
15:51:25.0265 2520 b57w2k (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:51:25.0328 2520 b57w2k - ok
15:51:25.0375 2520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:51:25.0468 2520 Beep - ok
15:51:25.0531 2520 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
15:51:25.0671 2520 BITS - ok
15:51:25.0750 2520 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
15:51:25.0765 2520 Bonjour Service - ok
15:51:25.0828 2520 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
15:51:25.0953 2520 Browser - ok
15:51:25.0968 2520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:51:26.0093 2520 cbidf2k - ok
15:51:26.0109 2520 cd20xrnt - ok
15:51:26.0140 2520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:51:26.0265 2520 Cdaudio - ok
15:51:26.0296 2520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:51:26.0406 2520 Cdfs - ok
15:51:26.0406 2520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:51:26.0515 2520 Cdrom - ok
15:51:26.0562 2520 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
15:51:26.0562 2520 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
15:51:26.0562 2520 cercsr6 - detected UnsignedFile.Multi.Generic (1)
15:51:26.0578 2520 Changer - ok
15:51:26.0609 2520 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
15:51:26.0718 2520 CiSvc - ok
15:51:26.0718 2520 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
15:51:26.0828 2520 ClipSrv - ok
15:51:26.0906 2520 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:26.0968 2520 clr_optimization_v2.0.50727_32 - ok
15:51:27.0000 2520 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:51:27.0109 2520 CmBatt - ok
15:51:27.0109 2520 CmdIde - ok
15:51:27.0125 2520 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:51:27.0250 2520 Compbatt - ok
15:51:27.0250 2520 COMSysApp - ok
15:51:27.0250 2520 Cpqarray - ok
15:51:27.0296 2520 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
15:51:27.0406 2520 CryptSvc - ok
15:51:27.0406 2520 dac2w2k - ok
15:51:27.0421 2520 dac960nt - ok
15:51:27.0468 2520 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
15:51:27.0515 2520 DcomLaunch - ok
15:51:27.0562 2520 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
15:51:27.0671 2520 Dhcp - ok
15:51:27.0687 2520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:51:27.0812 2520 Disk - ok
15:51:27.0812 2520 dmadmin - ok
15:51:27.0875 2520 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
15:51:28.0015 2520 dmboot - ok
15:51:28.0046 2520 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
15:51:28.0156 2520 dmio - ok
15:51:28.0187 2520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:51:28.0312 2520 dmload - ok
15:51:28.0343 2520 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
15:51:28.0453 2520 dmserver - ok
15:51:28.0500 2520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:51:28.0609 2520 DMusic - ok
15:51:28.0640 2520 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
15:51:28.0734 2520 Dnscache - ok
15:51:28.0765 2520 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
15:51:28.0890 2520 Dot3svc - ok
15:51:28.0921 2520 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
15:51:28.0937 2520 DozeHDD - ok
15:51:29.0015 2520 DozeSvc (21b364856ddbc03d1afcf348528e5b49) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
15:51:29.0031 2520 DozeSvc - ok
15:51:29.0031 2520 dpti2o - ok
15:51:29.0062 2520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:51:29.0187 2520 drmkaud - ok
15:51:29.0218 2520 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
15:51:29.0328 2520 EapHost - ok
15:51:29.0359 2520 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
15:51:29.0468 2520 ERSvc - ok
15:51:29.0515 2520 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
15:51:29.0546 2520 Eventlog - ok
15:51:29.0562 2520 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
15:51:29.0609 2520 EventSystem - ok
15:51:29.0687 2520 EvtEng (9d6a019dea917f305af23209fedd5f16) C:\Programme\Intel\WiFi\bin\EvtEng.exe
15:51:29.0750 2520 EvtEng - ok
15:51:29.0796 2520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:51:29.0906 2520 Fastfat - ok
15:51:29.0953 2520 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:51:30.0015 2520 FastUserSwitchingCompatibility - ok
15:51:30.0031 2520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:51:30.0125 2520 Fdc - ok
15:51:30.0156 2520 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
15:51:30.0265 2520 Fips - ok
15:51:30.0265 2520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:51:30.0375 2520 Flpydisk - ok
15:51:30.0406 2520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:51:30.0500 2520 FltMgr - ok
15:51:30.0625 2520 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:51:30.0640 2520 FontCache3.0.0.0 - ok
15:51:30.0687 2520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:51:30.0796 2520 Fs_Rec - ok
15:51:30.0812 2520 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:51:30.0937 2520 Ftdisk - ok
15:51:30.0968 2520 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:51:30.0984 2520 GEARAspiWDM - ok
15:51:31.0000 2520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:51:31.0125 2520 Gpc - ok
15:51:31.0265 2520 Guard.Mail.ru (e859ca020ed61899f3c74a8d0032d05c) C:\Programme\Guard-ICQ\GuardICQ.exe
15:51:31.0359 2520 Guard.Mail.ru - ok
15:51:31.0453 2520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:51:31.0562 2520 HDAudBus - ok
15:51:31.0609 2520 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:51:31.0718 2520 helpsvc - ok
15:51:31.0734 2520 HidServ - ok
15:51:31.0765 2520 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
15:51:31.0875 2520 hkmsvc - ok
15:51:31.0875 2520 hpn - ok
15:51:31.0921 2520 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:51:31.0953 2520 HSFHWAZL - ok
15:51:32.0078 2520 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:51:32.0171 2520 HSF_DPV - ok
15:51:32.0218 2520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:51:32.0250 2520 HTTP - ok
15:51:32.0281 2520 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
15:51:32.0406 2520 HTTPFilter - ok
15:51:32.0406 2520 i2omgmt - ok
15:51:32.0406 2520 i2omp - ok
15:51:32.0453 2520 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:51:32.0562 2520 i8042prt - ok
15:51:32.0593 2520 IBMPMDRV (293131c1da5f53cb05f75d637739d79c) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
15:51:32.0625 2520 IBMPMDRV - ok
15:51:32.0640 2520 IBMPMSVC (91fa023c5203503776bccc9cf96a0c59) C:\WINDOWS\system32\ibmpmsvc.exe
15:51:32.0671 2520 IBMPMSVC - ok
15:51:32.0703 2520 ICQ Service - ok
15:51:32.0890 2520 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:51:32.0953 2520 idsvc - ok
15:51:32.0984 2520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:51:33.0093 2520 Imapi - ok
15:51:33.0156 2520 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
15:51:33.0265 2520 ImapiService - ok
15:51:33.0265 2520 ini910u - ok
15:51:33.0281 2520 IntelIde - ok
15:51:33.0312 2520 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:51:33.0421 2520 intelppm - ok
15:51:33.0453 2520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:51:33.0578 2520 Ip6Fw - ok
15:51:33.0593 2520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:51:33.0718 2520 IpFilterDriver - ok
15:51:33.0734 2520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:51:33.0843 2520 IpInIp - ok
15:51:33.0875 2520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:51:33.0984 2520 IpNat - ok
15:51:34.0109 2520 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Programme\iPod\bin\iPodService.exe
15:51:34.0187 2520 iPod Service - ok
15:51:34.0218 2520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:51:34.0328 2520 IPSec - ok
15:51:34.0359 2520 IPSSVC (00d8e9daebe72a5df3986fd418a995eb) C:\WINDOWS\system32\IPSSVC.EXE
15:51:34.0375 2520 IPSSVC - ok
15:51:34.0406 2520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:51:34.0515 2520 IRENUM - ok
15:51:34.0546 2520 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:51:34.0656 2520 isapnp - ok
15:51:34.0734 2520 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
15:51:34.0750 2520 JavaQuickStarterService - ok
15:51:34.0765 2520 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:51:34.0890 2520 Kbdclass - ok
15:51:35.0062 2520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:51:35.0218 2520 kmixer - ok
15:51:35.0250 2520 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:51:35.0281 2520 KSecDD - ok
15:51:35.0328 2520 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
15:51:35.0390 2520 lanmanserver - ok
15:51:35.0437 2520 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
15:51:35.0468 2520 lanmanworkstation - ok
15:51:35.0468 2520 lbrtfdc - ok
15:51:35.0531 2520 LENOVO.MICMUTE (fce735941da27929dbfc1918f286ffd8) C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
15:51:35.0546 2520 LENOVO.MICMUTE - ok
15:51:35.0562 2520 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
15:51:35.0578 2520 lenovo.smi - ok
15:51:35.0609 2520 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
15:51:35.0734 2520 LmHosts - ok
15:51:35.0796 2520 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
15:51:35.0812 2520 McComponentHostService - ok
15:51:35.0843 2520 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:51:35.0875 2520 mdmxsdk - ok
15:51:35.0906 2520 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
15:51:36.0015 2520 Messenger - ok
15:51:36.0093 2520 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
15:51:36.0109 2520 Microsoft Office Groove Audit Service - ok
15:51:36.0140 2520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:51:36.0250 2520 mnmdd - ok
15:51:36.0281 2520 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
15:51:36.0390 2520 mnmsrvc - ok
15:51:36.0421 2520 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
15:51:36.0531 2520 Modem - ok
15:51:36.0546 2520 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:51:36.0656 2520 Mouclass - ok
15:51:36.0671 2520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:51:36.0781 2520 MountMgr - ok
15:51:36.0890 2520 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
15:51:36.0906 2520 MozillaMaintenance - ok
15:51:36.0906 2520 mraid35x - ok
15:51:36.0968 2520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:51:37.0078 2520 MRxDAV - ok
15:51:37.0140 2520 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:51:37.0218 2520 MRxSmb - ok
15:51:37.0234 2520 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
15:51:37.0343 2520 MSDTC - ok
15:51:37.0359 2520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:51:37.0468 2520 Msfs - ok
15:51:37.0468 2520 MSIServer - ok
15:51:37.0515 2520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:51:37.0625 2520 MSKSSRV - ok
15:51:37.0640 2520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:51:37.0750 2520 MSPCLOCK - ok
15:51:37.0765 2520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:51:37.0875 2520 MSPQM - ok
15:51:37.0921 2520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:51:38.0015 2520 mssmbios - ok
15:51:38.0062 2520 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:51:38.0093 2520 Mup - ok
15:51:38.0140 2520 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
15:51:38.0265 2520 napagent - ok
15:51:38.0312 2520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:51:38.0421 2520 NDIS - ok
15:51:38.0453 2520 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:51:38.0484 2520 NdisTapi - ok
15:51:38.0484 2520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:51:38.0609 2520 Ndisuio - ok
15:51:38.0640 2520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:51:38.0750 2520 NdisWan - ok
15:51:38.0781 2520 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:51:38.0812 2520 NDProxy - ok
15:51:38.0843 2520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:51:38.0953 2520 NetBIOS - ok
15:51:38.0968 2520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:51:39.0078 2520 NetBT - ok
15:51:39.0109 2520 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
15:51:39.0234 2520 NetDDE - ok
15:51:39.0234 2520 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
15:51:39.0343 2520 NetDDEdsdm - ok
15:51:39.0375 2520 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:51:39.0468 2520 Netlogon - ok
15:51:39.0515 2520 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
15:51:39.0625 2520 Netman - ok
15:51:39.0750 2520 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:51:39.0765 2520 NetTcpPortSharing - ok
15:51:40.0140 2520 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
15:51:40.0484 2520 NETwLx32 - ok
15:51:40.0593 2520 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:51:40.0703 2520 NIC1394 - ok
15:51:41.0156 2520 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
15:51:41.0218 2520 Nla - ok
15:51:41.0234 2520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:51:41.0328 2520 Npfs - ok
15:51:41.0906 2520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:51:42.0046 2520 Ntfs - ok
15:51:42.0093 2520 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:51:42.0187 2520 NtLmSsp - ok
15:51:42.0250 2520 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
15:51:42.0390 2520 NtmsSvc - ok
15:51:42.0421 2520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:51:42.0546 2520 Null - ok
15:51:42.0593 2520 NWCWorkstation (c34a6a72dec2c317d67355dc18f87090) C:\WINDOWS\System32\nwwks.dll
15:51:42.0703 2520 NWCWorkstation - ok
15:51:42.0765 2520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:51:42.0890 2520 NwlnkFlt - ok
15:51:42.0906 2520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:51:43.0031 2520 NwlnkFwd - ok
15:51:43.0062 2520 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
15:51:43.0187 2520 NwlnkIpx - ok
15:51:43.0203 2520 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
15:51:43.0312 2520 NwlnkNb - ok
15:51:43.0328 2520 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
15:51:43.0437 2520 NwlnkSpx - ok
15:51:43.0468 2520 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
15:51:43.0593 2520 NWRDR - ok
15:51:43.0703 2520 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
15:51:43.0750 2520 odserv - ok
15:51:43.0828 2520 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:51:43.0937 2520 ohci1394 - ok
15:51:43.0968 2520 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
15:51:44.0000 2520 ose - ok
15:51:44.0015 2520 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
15:51:44.0125 2520 Parport - ok
15:51:44.0171 2520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:51:44.0281 2520 PartMgr - ok
15:51:44.0312 2520 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
15:51:44.0421 2520 ParVdm - ok
15:51:44.0437 2520 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
15:51:44.0546 2520 PCI - ok
15:51:44.0562 2520 PCIDump - ok
15:51:44.0578 2520 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:51:44.0703 2520 PCIIde - ok
15:51:44.0718 2520 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:51:44.0828 2520 Pcmcia - ok
15:51:44.0828 2520 PDCOMP - ok
15:51:44.0828 2520 PDFRAME - ok
15:51:44.0843 2520 PDRELI - ok
15:51:44.0843 2520 PDRFRAME - ok
15:51:44.0843 2520 perc2 - ok
15:51:44.0843 2520 perc2hib - ok
15:51:44.0890 2520 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
15:51:44.0921 2520 PlugPlay - ok
15:51:44.0937 2520 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:51:45.0046 2520 PolicyAgent - ok
15:51:45.0109 2520 Power Manager DBC Service (dd1e98d635f5e12064f3b2792b53d4ab) C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
15:51:45.0109 2520 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
15:51:45.0109 2520 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
15:51:45.0140 2520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:51:45.0265 2520 PptpMiniport - ok
15:51:45.0296 2520 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
15:51:45.0312 2520 PROCDD - ok
15:51:45.0312 2520 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:51:45.0421 2520 ProtectedStorage - ok
15:51:45.0421 2520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:51:45.0531 2520 PSched - ok
15:51:45.0546 2520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:51:45.0671 2520 Ptilink - ok
15:51:45.0718 2520 PwmEWSvc (3409ce13565b76790cfe13f00ad8c67d) C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
15:51:45.0734 2520 PwmEWSvc - ok
15:51:45.0734 2520 ql1080 - ok
15:51:45.0734 2520 Ql10wnt - ok
15:51:45.0750 2520 ql12160 - ok
15:51:45.0750 2520 ql1240 - ok
15:51:45.0750 2520 ql1280 - ok
15:51:45.0765 2520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:51:45.0890 2520 RasAcd - ok
15:51:45.0921 2520 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
15:51:46.0031 2520 RasAuto - ok
15:51:46.0062 2520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:51:46.0187 2520 Rasl2tp - ok
15:51:46.0218 2520 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
15:51:46.0343 2520 RasMan - ok
15:51:46.0343 2520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:51:46.0468 2520 RasPppoe - ok
15:51:46.0500 2520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:51:46.0625 2520 Raspti - ok
15:51:46.0656 2520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:51:46.0765 2520 Rdbss - ok
15:51:46.0781 2520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:51:46.0890 2520 RDPCDD - ok
15:51:46.0921 2520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:51:47.0015 2520 rdpdr - ok
15:51:47.0062 2520 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:51:47.0125 2520 RDPWD - ok
15:51:47.0171 2520 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
15:51:47.0281 2520 RDSessMgr - ok
15:51:47.0312 2520 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:51:47.0421 2520 redbook - ok
15:51:47.0500 2520 RegSrvc (6987dc1dd7a7159752dfb1f6aabae062) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
15:51:47.0531 2520 RegSrvc - ok
15:51:47.0578 2520 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
15:51:47.0703 2520 RemoteAccess - ok
15:51:47.0718 2520 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
15:51:47.0843 2520 RemoteRegistry - ok
15:51:47.0875 2520 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
15:51:48.0000 2520 RpcLocator - ok
15:51:48.0062 2520 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
15:51:48.0109 2520 RpcSs - ok
15:51:48.0140 2520 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
15:51:48.0250 2520 RSVP - ok
15:51:48.0359 2520 S24EventMonitor (662973c942738d4b2fe8147e63de66b3) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
15:51:48.0453 2520 S24EventMonitor - ok
15:51:48.0531 2520 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:51:48.0578 2520 s24trans - ok
15:51:48.0609 2520 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
15:51:48.0718 2520 SamSs - ok
15:51:48.0781 2520 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
15:51:48.0890 2520 SCardSvr - ok
15:51:48.0921 2520 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
15:51:49.0046 2520 Schedule - ok
15:51:49.0062 2520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:51:49.0171 2520 Secdrv - ok
15:51:49.0203 2520 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
15:51:49.0312 2520 seclogon - ok
15:51:49.0343 2520 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
15:51:49.0453 2520 SENS - ok
15:51:49.0468 2520 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
15:51:49.0578 2520 Serial - ok
15:51:49.0609 2520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:51:49.0703 2520 Sfloppy - ok
15:51:49.0765 2520 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
15:51:49.0890 2520 SharedAccess - ok
15:51:49.0921 2520 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:51:49.0953 2520 ShellHWDetection - ok
15:51:50.0000 2520 Shockprf (df6a84dd19d3c0858d707b5e64938d60) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
15:51:50.0015 2520 Shockprf - ok
15:51:50.0015 2520 Simbad - ok
15:51:50.0109 2520 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe
15:51:50.0125 2520 Sony PC Companion - ok
15:51:50.0140 2520 Sparrow - ok
15:51:50.0171 2520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:51:50.0281 2520 splitter - ok
15:51:50.0328 2520 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:51:50.0359 2520 Spooler - ok
15:51:50.0390 2520 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
15:51:50.0500 2520 sr - ok
15:51:50.0515 2520 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
15:51:50.0625 2520 srservice - ok
15:51:50.0687 2520 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:51:50.0750 2520 Srv - ok
15:51:50.0781 2520 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
15:51:50.0890 2520 SSDPSRV - ok
15:51:50.0937 2520 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
15:51:50.0953 2520 ssmdrv - ok
15:51:51.0000 2520 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
15:51:51.0140 2520 stisvc - ok
15:51:51.0187 2520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:51:51.0296 2520 swenum - ok
15:51:51.0343 2520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:51:51.0437 2520 swmidi - ok
15:51:51.0437 2520 SwPrv - ok
15:51:51.0453 2520 symc810 - ok
15:51:51.0453 2520 symc8xx - ok
15:51:51.0453 2520 sym_hi - ok
15:51:51.0453 2520 sym_u3 - ok
15:51:51.0562 2520 SynTP (d73b0d08effcf0349680f32282b4d6f0) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:51:51.0625 2520 SynTP - ok
15:51:51.0671 2520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:51:51.0781 2520 sysaudio - ok
15:51:51.0859 2520 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
15:51:51.0984 2520 SysmonLog - ok
15:51:52.0031 2520 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
15:51:52.0156 2520 TapiSrv - ok
15:51:52.0218 2520 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:51:52.0296 2520 Tcpip - ok
15:51:52.0328 2520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:51:52.0453 2520 TDPIPE - ok
15:51:52.0468 2520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:51:52.0593 2520 TDTCP - ok
15:51:52.0625 2520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:51:52.0734 2520 TermDD - ok
15:51:52.0796 2520 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
15:51:52.0906 2520 TermService - ok
15:51:52.0953 2520 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
15:51:52.0968 2520 Themes - ok
15:51:53.0000 2520 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
15:51:53.0125 2520 TlntSvr - ok
15:51:53.0125 2520 TosIde - ok
15:51:53.0156 2520 TPDIGIMN (50b570e4209f6d401893720fc8ddce46) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
15:51:53.0171 2520 TPDIGIMN - ok
15:51:53.0218 2520 TPHDEXLGSVC (1f98a2433555dd854cb4e2edc819deb4) C:\WINDOWS\system32\TPHDEXLG.exe
15:51:53.0234 2520 TPHDEXLGSVC - ok
15:51:53.0265 2520 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
15:51:53.0296 2520 TPHKDRV - ok
15:51:53.0375 2520 TPHKLOAD (88d609bfdeb7e013e9e491434190ba43) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
15:51:53.0390 2520 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
15:51:53.0390 2520 TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
15:51:53.0390 2520 TPHKSVC (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
15:51:53.0406 2520 TPHKSVC - ok
15:51:53.0437 2520 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
15:51:53.0453 2520 TPPWRIF - ok
15:51:53.0484 2520 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
15:51:53.0593 2520 TrkWks - ok
15:51:53.0625 2520 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
15:51:53.0640 2520 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
15:51:53.0640 2520 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
15:51:53.0687 2520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:51:53.0796 2520 Udfs - ok
15:51:53.0812 2520 ultra - ok
15:51:53.0859 2520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:51:54.0000 2520 Update - ok
15:51:54.0031 2520 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
15:51:54.0156 2520 upnphost - ok
15:51:54.0187 2520 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
15:51:54.0296 2520 UPS - ok
15:51:54.0328 2520 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:51:54.0375 2520 USBAAPL - ok
15:51:54.0406 2520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:51:54.0531 2520 usbehci - ok
15:51:54.0578 2520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:51:54.0687 2520 usbhub - ok
15:51:54.0718 2520 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:51:54.0828 2520 usbscan - ok
15:51:54.0859 2520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:51:54.0984 2520 USBSTOR - ok
15:51:55.0031 2520 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:51:55.0156 2520 usbuhci - ok
15:51:55.0187 2520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:51:55.0296 2520 VgaSave - ok
15:51:55.0296 2520 ViaIde - ok
15:51:55.0343 2520 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
15:51:55.0453 2520 VolSnap - ok
15:51:55.0500 2520 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
15:51:55.0640 2520 VSS - ok
15:51:55.0671 2520 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
15:51:55.0796 2520 W32Time - ok
15:51:55.0812 2520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:51:55.0921 2520 Wanarp - ok
15:51:55.0984 2520 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
15:51:56.0000 2520 Wdf01000 - ok
15:51:56.0015 2520 WDICA - ok
15:51:56.0062 2520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:51:56.0171 2520 wdmaud - ok
15:51:56.0218 2520 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
15:51:56.0328 2520 WebClient - ok
15:51:56.0406 2520 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:51:56.0515 2520 winachsf - ok
15:51:56.0593 2520 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:51:56.0703 2520 winmgmt - ok
15:51:56.0734 2520 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:51:56.0765 2520 WmdmPmSN - ok
15:51:56.0828 2520 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
15:51:56.0906 2520 Wmi - ok
15:51:56.0953 2520 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:51:57.0062 2520 WmiApSrv - ok
15:51:57.0093 2520 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
15:51:57.0234 2520 wuauserv - ok
15:51:57.0312 2520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:51:57.0343 2520 WudfPf - ok
15:51:57.0375 2520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:51:57.0390 2520 WudfRd - ok
15:51:57.0421 2520 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:51:57.0453 2520 WudfSvc - ok
15:51:57.0515 2520 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
15:51:57.0640 2520 WZCSVC - ok
15:51:57.0671 2520 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
15:51:57.0781 2520 xmlprov - ok
15:51:57.0812 2520 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
15:51:57.0859 2520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
15:51:57.0859 2520 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
15:51:58.0031 2520 Boot (0x1200) (03fdd5cb582ecdc970256582356ab8cd) \Device\Harddisk0\DR0\Partition0
15:51:58.0031 2520 \Device\Harddisk0\DR0\Partition0 - ok
15:51:58.0046 2520 Boot (0x1200) (6269672d4205f1b533b1ba8c349bf5b2) \Device\Harddisk0\DR0\Partition1
15:51:58.0046 2520 \Device\Harddisk0\DR0\Partition1 - ok
15:51:58.0046 2520 ============================================================
15:51:58.0046 2520 Scan finished
15:51:58.0046 2520 ============================================================
15:51:58.0171 3180 Detected object count: 5
15:51:58.0171 3180 Actual detected object count: 5
15:52:21.0921 3180 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:21.0921 3180 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:21.0921 3180 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:21.0921 3180 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:21.0937 3180 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:21.0937 3180 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:21.0937 3180 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:21.0937 3180 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:21.0937 3180 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
15:52:21.0937 3180 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
|
|
26.07.2012, 09:18
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Code:
ATTFilter \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________ |
|
29.07.2012, 09:08
| #19 |
| | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Code:
ATTFilter 10:07:22.0109 4420 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:07:22.0281 4420 ============================================================
10:07:22.0281 4420 Current date / time: 2012/07/29 10:07:22.0281
10:07:22.0281 4420 SystemInfo:
10:07:22.0281 4420
10:07:22.0281 4420 OS Version: 5.1.2600 ServicePack: 3.0
10:07:22.0281 4420 Product type: Workstation
10:07:22.0281 4420 ComputerName: LABECKA
10:07:22.0281 4420 UserName: rebecca
10:07:22.0281 4420 Windows directory: C:\WINDOWS
10:07:22.0281 4420 System windows directory: C:\WINDOWS
10:07:22.0281 4420 Processor architecture: Intel x86
10:07:22.0281 4420 Number of processors: 2
10:07:22.0281 4420 Page size: 0x1000
10:07:22.0281 4420 Boot type: Normal boot
10:07:22.0281 4420 ============================================================
10:07:23.0843 4420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
10:07:23.0843 4420 ============================================================
10:07:23.0843 4420 \Device\Harddisk0\DR0:
10:07:23.0843 4420 MBR partitions:
10:07:23.0843 4420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC350151
10:07:23.0859 4420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC3501CF, BlocksNum 0x2E0346C1
10:07:23.0859 4420 ============================================================
10:07:23.0937 4420 D: <-> \Device\Harddisk0\DR0\Partition1
10:07:23.0953 4420 C: <-> \Device\Harddisk0\DR0\Partition0
10:07:23.0953 4420 ============================================================
10:07:23.0953 4420 Initialize success
10:07:23.0953 4420 ============================================================
10:07:25.0531 4532 ============================================================
10:07:25.0531 4532 Scan started
10:07:25.0531 4532 Mode: Manual;
10:07:25.0531 4532 ============================================================
10:07:26.0734 4532 Abiosdsk - ok
10:07:26.0734 4532 abp480n5 - ok
10:07:26.0781 4532 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:07:26.0796 4532 ACPI - ok
10:07:26.0828 4532 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:07:26.0828 4532 ACPIEC - ok
10:07:26.0859 4532 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:07:26.0859 4532 ADIHdAudAddService - ok
10:07:26.0984 4532 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:07:27.0015 4532 AdobeFlashPlayerUpdateSvc - ok
10:07:27.0015 4532 adpu160m - ok
10:07:27.0062 4532 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
10:07:27.0062 4532 AEAudioService - ok
10:07:27.0093 4532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:07:27.0125 4532 aec - ok
10:07:27.0250 4532 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:07:27.0312 4532 AFD - ok
10:07:27.0312 4532 Aha154x - ok
10:07:27.0328 4532 aic78u2 - ok
10:07:27.0328 4532 aic78xx - ok
10:07:27.0375 4532 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
10:07:27.0375 4532 Alerter - ok
10:07:27.0437 4532 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
10:07:27.0437 4532 ALG - ok
10:07:27.0453 4532 AliIde - ok
10:07:27.0453 4532 amsint - ok
10:07:27.0750 4532 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
10:07:27.0765 4532 AntiVirSchedulerService - ok
10:07:27.0937 4532 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
10:07:27.0937 4532 AntiVirService - ok
10:07:28.0171 4532 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:07:28.0171 4532 Apple Mobile Device - ok
10:07:28.0718 4532 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
10:07:28.0750 4532 AppMgmt - ok
10:07:28.0796 4532 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:07:28.0796 4532 Arp1394 - ok
10:07:28.0796 4532 asc - ok
10:07:28.0812 4532 asc3350p - ok
10:07:28.0812 4532 asc3550 - ok
10:07:28.0890 4532 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:07:28.0953 4532 aspnet_state - ok
10:07:28.0968 4532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:07:28.0984 4532 AsyncMac - ok
10:07:29.0000 4532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:07:29.0000 4532 atapi - ok
10:07:29.0015 4532 Atdisk - ok
10:07:29.0078 4532 Ati HotKey Poller (b921d1790a8ef84b2dbdeeef4909fba1) C:\WINDOWS\system32\Ati2evxx.exe
10:07:29.0093 4532 Ati HotKey Poller - ok
10:07:29.0296 4532 ati2mtag (5a13723fb8bfdd2090defb2d0cb98a27) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:07:29.0328 4532 ati2mtag - ok
10:07:29.0437 4532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:07:29.0437 4532 Atmarpc - ok
10:07:29.0468 4532 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
10:07:29.0484 4532 AudioSrv - ok
10:07:29.0515 4532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:07:29.0515 4532 audstub - ok
10:07:29.0562 4532 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:07:29.0562 4532 avgntflt - ok
10:07:29.0578 4532 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:07:29.0593 4532 avipbb - ok
10:07:29.0609 4532 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:07:29.0609 4532 avkmgr - ok
10:07:29.0656 4532 b57w2k (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:07:29.0656 4532 b57w2k - ok
10:07:29.0703 4532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:07:29.0703 4532 Beep - ok
10:07:29.0750 4532 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
10:07:29.0796 4532 BITS - ok
10:07:29.0875 4532 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
10:07:29.0890 4532 Bonjour Service - ok
10:07:29.0921 4532 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
10:07:29.0937 4532 Browser - ok
10:07:29.0968 4532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:07:29.0984 4532 cbidf2k - ok
10:07:29.0984 4532 cd20xrnt - ok
10:07:30.0000 4532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:07:30.0015 4532 Cdaudio - ok
10:07:30.0046 4532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:07:30.0062 4532 Cdfs - ok
10:07:30.0078 4532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:07:30.0093 4532 Cdrom - ok
10:07:30.0125 4532 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
10:07:30.0125 4532 cercsr6 - ok
10:07:30.0125 4532 Changer - ok
10:07:30.0156 4532 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
10:07:30.0171 4532 CiSvc - ok
10:07:30.0171 4532 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
10:07:30.0187 4532 ClipSrv - ok
10:07:30.0250 4532 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:07:30.0312 4532 clr_optimization_v2.0.50727_32 - ok
10:07:30.0359 4532 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:07:30.0359 4532 CmBatt - ok
10:07:30.0359 4532 CmdIde - ok
10:07:30.0375 4532 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:07:30.0375 4532 Compbatt - ok
10:07:30.0375 4532 COMSysApp - ok
10:07:30.0390 4532 Cpqarray - ok
10:07:30.0421 4532 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
10:07:30.0437 4532 CryptSvc - ok
10:07:30.0437 4532 dac2w2k - ok
10:07:30.0453 4532 dac960nt - ok
10:07:30.0500 4532 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:07:30.0500 4532 DcomLaunch - ok
10:07:30.0515 4532 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
10:07:30.0531 4532 Dhcp - ok
10:07:30.0546 4532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:07:30.0546 4532 Disk - ok
10:07:30.0546 4532 dmadmin - ok
10:07:30.0609 4532 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:07:30.0656 4532 dmboot - ok
10:07:30.0671 4532 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:07:30.0687 4532 dmio - ok
10:07:30.0718 4532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:07:30.0718 4532 dmload - ok
10:07:30.0750 4532 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
10:07:30.0750 4532 dmserver - ok
10:07:30.0796 4532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:07:30.0796 4532 DMusic - ok
10:07:30.0828 4532 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
10:07:30.0843 4532 Dnscache - ok
10:07:30.0875 4532 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
10:07:30.0890 4532 Dot3svc - ok
10:07:30.0906 4532 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
10:07:30.0921 4532 DozeHDD - ok
10:07:31.0000 4532 DozeSvc (21b364856ddbc03d1afcf348528e5b49) C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
10:07:31.0015 4532 DozeSvc - ok
10:07:31.0015 4532 dpti2o - ok
10:07:31.0046 4532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:07:31.0062 4532 drmkaud - ok
10:07:31.0093 4532 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
10:07:31.0093 4532 EapHost - ok
10:07:31.0125 4532 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
10:07:31.0125 4532 ERSvc - ok
10:07:31.0171 4532 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:07:31.0187 4532 Eventlog - ok
10:07:31.0203 4532 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
10:07:31.0234 4532 EventSystem - ok
10:07:31.0328 4532 EvtEng (9d6a019dea917f305af23209fedd5f16) C:\Programme\Intel\WiFi\bin\EvtEng.exe
10:07:31.0390 4532 EvtEng - ok
10:07:31.0437 4532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:07:31.0437 4532 Fastfat - ok
10:07:31.0484 4532 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:07:31.0500 4532 FastUserSwitchingCompatibility - ok
10:07:31.0515 4532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:07:31.0515 4532 Fdc - ok
10:07:31.0531 4532 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:07:31.0531 4532 Fips - ok
10:07:31.0546 4532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:07:31.0546 4532 Flpydisk - ok
10:07:31.0562 4532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:07:31.0578 4532 FltMgr - ok
10:07:31.0687 4532 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:07:31.0703 4532 FontCache3.0.0.0 - ok
10:07:31.0734 4532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:07:31.0734 4532 Fs_Rec - ok
10:07:31.0750 4532 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:07:31.0765 4532 Ftdisk - ok
10:07:31.0796 4532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:07:31.0796 4532 GEARAspiWDM - ok
10:07:31.0828 4532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:07:31.0828 4532 Gpc - ok
10:07:31.0968 4532 Guard.Mail.ru (e859ca020ed61899f3c74a8d0032d05c) C:\Programme\Guard-ICQ\GuardICQ.exe
10:07:32.0031 4532 Guard.Mail.ru - ok
10:07:32.0125 4532 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:07:32.0125 4532 HDAudBus - ok
10:07:32.0171 4532 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:07:32.0171 4532 helpsvc - ok
10:07:32.0187 4532 HidServ - ok
10:07:32.0218 4532 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
10:07:32.0218 4532 hkmsvc - ok
10:07:32.0234 4532 hpn - ok
10:07:32.0265 4532 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
10:07:32.0281 4532 HSFHWAZL - ok
10:07:32.0406 4532 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
10:07:32.0468 4532 HSF_DPV - ok
10:07:32.0531 4532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:07:32.0531 4532 HTTP - ok
10:07:32.0578 4532 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
10:07:32.0578 4532 HTTPFilter - ok
10:07:32.0593 4532 i2omgmt - ok
10:07:32.0593 4532 i2omp - ok
10:07:32.0640 4532 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:07:32.0640 4532 i8042prt - ok
10:07:32.0671 4532 IBMPMDRV (293131c1da5f53cb05f75d637739d79c) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
10:07:32.0671 4532 IBMPMDRV - ok
10:07:32.0703 4532 IBMPMSVC (91fa023c5203503776bccc9cf96a0c59) C:\WINDOWS\system32\ibmpmsvc.exe
10:07:32.0703 4532 IBMPMSVC - ok
10:07:32.0734 4532 ICQ Service - ok
10:07:32.0921 4532 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:07:33.0140 4532 idsvc - ok
10:07:33.0171 4532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:07:33.0171 4532 Imapi - ok
10:07:33.0218 4532 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
10:07:33.0218 4532 ImapiService - ok
10:07:33.0234 4532 ini910u - ok
10:07:33.0234 4532 IntelIde - ok
10:07:33.0281 4532 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:07:33.0296 4532 intelppm - ok
10:07:33.0312 4532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:07:33.0312 4532 Ip6Fw - ok
10:07:33.0343 4532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:07:33.0343 4532 IpFilterDriver - ok
10:07:33.0359 4532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:07:33.0359 4532 IpInIp - ok
10:07:33.0390 4532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:07:33.0406 4532 IpNat - ok
10:07:33.0500 4532 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Programme\iPod\bin\iPodService.exe
10:07:33.0546 4532 iPod Service - ok
10:07:33.0562 4532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:07:33.0562 4532 IPSec - ok
10:07:33.0593 4532 IPSSVC (00d8e9daebe72a5df3986fd418a995eb) C:\WINDOWS\system32\IPSSVC.EXE
10:07:33.0609 4532 IPSSVC - ok
10:07:33.0640 4532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:07:33.0640 4532 IRENUM - ok
10:07:33.0671 4532 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:07:33.0687 4532 isapnp - ok
10:07:33.0765 4532 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
10:07:33.0765 4532 JavaQuickStarterService - ok
10:07:33.0781 4532 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:07:33.0796 4532 Kbdclass - ok
10:07:33.0828 4532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:07:33.0843 4532 kmixer - ok
10:07:33.0890 4532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:07:33.0906 4532 KSecDD - ok
10:07:33.0937 4532 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
10:07:33.0953 4532 lanmanserver - ok
10:07:33.0968 4532 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
10:07:33.0984 4532 lanmanworkstation - ok
10:07:34.0000 4532 lbrtfdc - ok
10:07:34.0062 4532 LENOVO.MICMUTE (fce735941da27929dbfc1918f286ffd8) C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
10:07:34.0078 4532 LENOVO.MICMUTE - ok
10:07:34.0078 4532 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
10:07:34.0093 4532 lenovo.smi - ok
10:07:34.0125 4532 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
10:07:34.0125 4532 LmHosts - ok
10:07:34.0187 4532 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
10:07:34.0218 4532 McComponentHostService - ok
10:07:34.0250 4532 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
10:07:34.0265 4532 mdmxsdk - ok
10:07:34.0281 4532 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
10:07:34.0281 4532 Messenger - ok
10:07:34.0343 4532 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
10:07:34.0359 4532 Microsoft Office Groove Audit Service - ok
10:07:34.0375 4532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:07:34.0375 4532 mnmdd - ok
10:07:34.0406 4532 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
10:07:34.0406 4532 mnmsrvc - ok
10:07:34.0437 4532 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:07:34.0437 4532 Modem - ok
10:07:34.0453 4532 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:07:34.0453 4532 Mouclass - ok
10:07:34.0468 4532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:07:34.0484 4532 MountMgr - ok
10:07:34.0531 4532 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
10:07:34.0531 4532 MozillaMaintenance - ok
10:07:34.0546 4532 mraid35x - ok
10:07:34.0562 4532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:07:34.0578 4532 MRxDAV - ok
10:07:34.0640 4532 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:07:34.0703 4532 MRxSmb - ok
10:07:34.0734 4532 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
10:07:34.0734 4532 MSDTC - ok
10:07:34.0750 4532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:07:34.0750 4532 Msfs - ok
10:07:34.0750 4532 MSIServer - ok
10:07:34.0796 4532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:07:34.0796 4532 MSKSSRV - ok
10:07:34.0812 4532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:07:34.0812 4532 MSPCLOCK - ok
10:07:34.0828 4532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:07:34.0828 4532 MSPQM - ok
10:07:34.0859 4532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:07:34.0859 4532 mssmbios - ok
10:07:34.0890 4532 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:07:34.0921 4532 Mup - ok
10:07:34.0953 4532 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
10:07:34.0984 4532 napagent - ok
10:07:35.0015 4532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:07:35.0031 4532 NDIS - ok
10:07:35.0062 4532 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:07:35.0078 4532 NdisTapi - ok
10:07:35.0078 4532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:07:35.0093 4532 Ndisuio - ok
10:07:35.0093 4532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:07:35.0109 4532 NdisWan - ok
10:07:35.0140 4532 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:07:35.0156 4532 NDProxy - ok
10:07:35.0171 4532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:07:35.0171 4532 NetBIOS - ok
10:07:35.0187 4532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:07:35.0203 4532 NetBT - ok
10:07:35.0250 4532 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:07:35.0265 4532 NetDDE - ok
10:07:35.0265 4532 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
10:07:35.0265 4532 NetDDEdsdm - ok
10:07:35.0281 4532 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:07:35.0281 4532 Netlogon - ok
10:07:35.0312 4532 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
10:07:35.0328 4532 Netman - ok
10:07:35.0453 4532 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:07:35.0468 4532 NetTcpPortSharing - ok
10:07:35.0906 4532 NETwLx32 (72062b53186e4a3f5fcbc41ebb62b905) C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
10:07:36.0078 4532 NETwLx32 - ok
10:07:36.0187 4532 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:07:36.0187 4532 NIC1394 - ok
10:07:36.0234 4532 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
10:07:36.0234 4532 Nla - ok
10:07:36.0250 4532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:07:36.0250 4532 Npfs - ok
10:07:36.0296 4532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:07:36.0359 4532 Ntfs - ok
10:07:36.0375 4532 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:07:36.0375 4532 NtLmSsp - ok
10:07:36.0406 4532 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
10:07:36.0437 4532 NtmsSvc - ok
10:07:36.0484 4532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:07:36.0484 4532 Null - ok
10:07:36.0515 4532 NWCWorkstation (c34a6a72dec2c317d67355dc18f87090) C:\WINDOWS\System32\nwwks.dll
10:07:36.0531 4532 NWCWorkstation - ok
10:07:36.0562 4532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:07:36.0578 4532 NwlnkFlt - ok
10:07:36.0578 4532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:07:36.0593 4532 NwlnkFwd - ok
10:07:36.0640 4532 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
10:07:36.0656 4532 NwlnkIpx - ok
10:07:36.0656 4532 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
10:07:36.0671 4532 NwlnkNb - ok
10:07:36.0687 4532 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
10:07:36.0687 4532 NwlnkSpx - ok
10:07:36.0718 4532 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
10:07:36.0718 4532 NWRDR - ok
10:07:36.0890 4532 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
10:07:36.0921 4532 odserv - ok
10:07:36.0937 4532 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:07:36.0937 4532 ohci1394 - ok
10:07:36.0984 4532 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
10:07:37.0000 4532 ose - ok
10:07:37.0015 4532 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
10:07:37.0031 4532 Parport - ok
10:07:37.0046 4532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:07:37.0046 4532 PartMgr - ok
10:07:37.0078 4532 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:07:37.0078 4532 ParVdm - ok
10:07:37.0093 4532 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:07:37.0109 4532 PCI - ok
10:07:37.0109 4532 PCIDump - ok
10:07:37.0140 4532 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:07:37.0156 4532 PCIIde - ok
10:07:37.0171 4532 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:07:37.0171 4532 Pcmcia - ok
10:07:37.0187 4532 PDCOMP - ok
10:07:37.0187 4532 PDFRAME - ok
10:07:37.0187 4532 PDRELI - ok
10:07:37.0187 4532 PDRFRAME - ok
10:07:37.0203 4532 perc2 - ok
10:07:37.0203 4532 perc2hib - ok
10:07:37.0250 4532 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
10:07:37.0250 4532 PlugPlay - ok
10:07:37.0281 4532 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:07:37.0281 4532 PolicyAgent - ok
10:07:37.0328 4532 Power Manager DBC Service (dd1e98d635f5e12064f3b2792b53d4ab) C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
10:07:37.0328 4532 Power Manager DBC Service - ok
10:07:37.0359 4532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:07:37.0359 4532 PptpMiniport - ok
10:07:37.0406 4532 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
10:07:37.0406 4532 PROCDD - ok
10:07:37.0406 4532 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:07:37.0406 4532 ProtectedStorage - ok
10:07:37.0421 4532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:07:37.0421 4532 PSched - ok
10:07:37.0453 4532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:07:37.0453 4532 Ptilink - ok
10:07:37.0484 4532 PwmEWSvc (3409ce13565b76790cfe13f00ad8c67d) C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
10:07:37.0500 4532 PwmEWSvc - ok
10:07:37.0500 4532 ql1080 - ok
10:07:37.0500 4532 Ql10wnt - ok
10:07:37.0515 4532 ql12160 - ok
10:07:37.0515 4532 ql1240 - ok
10:07:37.0515 4532 ql1280 - ok
10:07:37.0531 4532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:07:37.0546 4532 RasAcd - ok
10:07:37.0562 4532 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
10:07:37.0578 4532 RasAuto - ok
10:07:37.0593 4532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:07:37.0593 4532 Rasl2tp - ok
10:07:37.0625 4532 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
10:07:37.0656 4532 RasMan - ok
10:07:37.0656 4532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:07:37.0671 4532 RasPppoe - ok
10:07:37.0687 4532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:07:37.0687 4532 Raspti - ok
10:07:37.0734 4532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:07:37.0750 4532 Rdbss - ok
10:07:37.0765 4532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:07:37.0765 4532 RDPCDD - ok
10:07:37.0812 4532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:07:37.0843 4532 rdpdr - ok
10:07:37.0890 4532 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
10:07:37.0890 4532 RDPWD - ok
10:07:37.0937 4532 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
10:07:37.0953 4532 RDSessMgr - ok
10:07:37.0968 4532 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:07:37.0984 4532 redbook - ok
10:07:38.0062 4532 RegSrvc (6987dc1dd7a7159752dfb1f6aabae062) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
10:07:38.0078 4532 RegSrvc - ok
10:07:38.0093 4532 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
10:07:38.0109 4532 RemoteAccess - ok
10:07:38.0125 4532 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
10:07:38.0125 4532 RemoteRegistry - ok
10:07:38.0171 4532 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
10:07:38.0171 4532 RpcLocator - ok
10:07:38.0218 4532 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
10:07:38.0234 4532 RpcSs - ok
10:07:38.0265 4532 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
10:07:38.0281 4532 RSVP - ok
10:07:38.0359 4532 S24EventMonitor (662973c942738d4b2fe8147e63de66b3) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
10:07:38.0421 4532 S24EventMonitor - ok
10:07:38.0500 4532 s24trans (27fc71da659305e260acbda15a318399) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:07:38.0500 4532 s24trans - ok
10:07:38.0531 4532 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
10:07:38.0531 4532 SamSs - ok
10:07:38.0578 4532 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
10:07:38.0593 4532 SCardSvr - ok
10:07:38.0656 4532 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
10:07:38.0671 4532 Schedule - ok
10:07:38.0703 4532 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:07:38.0703 4532 Secdrv - ok
10:07:38.0718 4532 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
10:07:38.0718 4532 seclogon - ok
10:07:38.0734 4532 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
10:07:38.0734 4532 SENS - ok
10:07:38.0765 4532 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
10:07:38.0765 4532 Serial - ok
10:07:38.0781 4532 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:07:38.0796 4532 Sfloppy - ok
10:07:38.0828 4532 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
10:07:38.0828 4532 SharedAccess - ok
10:07:38.0875 4532 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:07:38.0875 4532 ShellHWDetection - ok
10:07:38.0906 4532 Shockprf (df6a84dd19d3c0858d707b5e64938d60) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
10:07:38.0921 4532 Shockprf - ok
10:07:38.0921 4532 Simbad - ok
10:07:39.0000 4532 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Programme\Sony\Sony PC Companion\PCCService.exe
10:07:39.0015 4532 Sony PC Companion - ok
10:07:39.0031 4532 Sparrow - ok
10:07:39.0062 4532 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:07:39.0062 4532 splitter - ok
10:07:39.0109 4532 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:07:39.0109 4532 Spooler - ok
10:07:39.0156 4532 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:07:39.0156 4532 sr - ok
10:07:39.0203 4532 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
10:07:39.0218 4532 srservice - ok
10:07:39.0265 4532 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:07:39.0281 4532 Srv - ok
10:07:39.0312 4532 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
10:07:39.0312 4532 SSDPSRV - ok
10:07:39.0359 4532 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:07:39.0359 4532 ssmdrv - ok
10:07:39.0390 4532 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
10:07:39.0437 4532 stisvc - ok
10:07:39.0468 4532 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:07:39.0468 4532 swenum - ok
10:07:39.0515 4532 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:07:39.0515 4532 swmidi - ok
10:07:39.0515 4532 SwPrv - ok
10:07:39.0531 4532 symc810 - ok
10:07:39.0531 4532 symc8xx - ok
10:07:39.0531 4532 sym_hi - ok
10:07:39.0546 4532 sym_u3 - ok
10:07:39.0656 4532 SynTP (d73b0d08effcf0349680f32282b4d6f0) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:07:39.0687 4532 SynTP - ok
10:07:39.0687 4532 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:07:39.0703 4532 sysaudio - ok
10:07:39.0750 4532 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
10:07:39.0765 4532 SysmonLog - ok
10:07:39.0796 4532 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
10:07:39.0828 4532 TapiSrv - ok
10:07:39.0875 4532 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:07:39.0921 4532 Tcpip - ok
10:07:39.0968 4532 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:07:39.0968 4532 TDPIPE - ok
10:07:39.0984 4532 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:07:40.0000 4532 TDTCP - ok
10:07:40.0000 4532 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:07:40.0015 4532 TermDD - ok
10:07:40.0062 4532 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
10:07:40.0078 4532 TermService - ok
10:07:40.0109 4532 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
10:07:40.0125 4532 Themes - ok
10:07:40.0156 4532 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
10:07:40.0156 4532 TlntSvr - ok
10:07:40.0171 4532 TosIde - ok
10:07:40.0203 4532 TPDIGIMN (50b570e4209f6d401893720fc8ddce46) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
10:07:40.0218 4532 TPDIGIMN - ok
10:07:40.0250 4532 TPHDEXLGSVC (1f98a2433555dd854cb4e2edc819deb4) C:\WINDOWS\system32\TPHDEXLG.exe
10:07:40.0250 4532 TPHDEXLGSVC - ok
10:07:40.0281 4532 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
10:07:40.0296 4532 TPHKDRV - ok
10:07:40.0343 4532 TPHKLOAD (88d609bfdeb7e013e9e491434190ba43) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
10:07:40.0343 4532 TPHKLOAD - ok
10:07:40.0359 4532 TPHKSVC (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
10:07:40.0359 4532 TPHKSVC - ok
10:07:40.0375 4532 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
10:07:40.0390 4532 TPPWRIF - ok
10:07:40.0406 4532 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
10:07:40.0421 4532 TrkWks - ok
10:07:40.0437 4532 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
10:07:40.0437 4532 TSMAPIP - ok
10:07:40.0468 4532 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:07:40.0484 4532 Udfs - ok
10:07:40.0484 4532 ultra - ok
10:07:40.0546 4532 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:07:40.0593 4532 Update - ok
10:07:40.0609 4532 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
10:07:40.0656 4532 upnphost - ok
10:07:40.0671 4532 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
10:07:40.0671 4532 UPS - ok
10:07:40.0718 4532 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:07:40.0718 4532 USBAAPL - ok
10:07:40.0734 4532 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:07:40.0750 4532 usbehci - ok
10:07:40.0781 4532 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:07:40.0796 4532 usbhub - ok
10:07:40.0812 4532 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:07:40.0828 4532 usbscan - ok
10:07:40.0843 4532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:07:40.0859 4532 USBSTOR - ok
10:07:40.0859 4532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:07:40.0875 4532 usbuhci - ok
10:07:40.0875 4532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:07:40.0875 4532 VgaSave - ok
10:07:40.0875 4532 ViaIde - ok
10:07:40.0906 4532 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:07:40.0921 4532 VolSnap - ok
10:07:40.0968 4532 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
10:07:41.0000 4532 VSS - ok
10:07:41.0015 4532 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
10:07:41.0031 4532 W32Time - ok
10:07:41.0046 4532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:07:41.0062 4532 Wanarp - ok
10:07:41.0109 4532 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:07:41.0125 4532 Wdf01000 - ok
10:07:41.0125 4532 WDICA - ok
10:07:41.0156 4532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:07:41.0171 4532 wdmaud - ok
10:07:41.0203 4532 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
10:07:41.0218 4532 WebClient - ok
10:07:41.0296 4532 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
10:07:41.0359 4532 winachsf - ok
10:07:41.0437 4532 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:07:41.0453 4532 winmgmt - ok
10:07:41.0500 4532 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:07:41.0515 4532 WmdmPmSN - ok
10:07:41.0578 4532 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
10:07:41.0609 4532 Wmi - ok
10:07:41.0640 4532 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:07:41.0640 4532 WmiApSrv - ok
10:07:41.0687 4532 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
10:07:41.0703 4532 wuauserv - ok
10:07:41.0781 4532 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:07:41.0781 4532 WudfPf - ok
10:07:41.0796 4532 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:07:41.0812 4532 WudfRd - ok
10:07:41.0828 4532 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:07:41.0843 4532 WudfSvc - ok
10:07:41.0875 4532 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
10:07:41.0921 4532 WZCSVC - ok
10:07:41.0937 4532 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
10:07:41.0953 4532 xmlprov - ok
10:07:41.0968 4532 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
10:07:42.0437 4532 \Device\Harddisk0\DR0 - ok
10:07:42.0437 4532 Boot (0x1200) (03fdd5cb582ecdc970256582356ab8cd) \Device\Harddisk0\DR0\Partition0
10:07:42.0437 4532 \Device\Harddisk0\DR0\Partition0 - ok
10:07:42.0453 4532 Boot (0x1200) (6269672d4205f1b533b1ba8c349bf5b2) \Device\Harddisk0\DR0\Partition1
10:07:42.0453 4532 \Device\Harddisk0\DR0\Partition1 - ok
10:07:42.0453 4532 ============================================================
10:07:42.0453 4532 Scan finished
10:07:42.0453 4532 ============================================================
10:07:42.0468 4524 Detected object count: 0
10:07:42.0468 4524 Actual detected object count: 0
|
|
29.07.2012, 16:58
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.08.2012, 11:58
| #21 |
| | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Ich hab das Gefühl, dass der Autoscan sich andauernd aufhängt. Was kann ich tun? |
|
03.08.2012, 12:02
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.08.2012, 21:28
| #23 |
| | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Code:
ATTFilter ComboFix 12-07-31.06 - rebecca 03.08.2012 22:15:19.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1272 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\rebecca\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\kock
c:\windows\system32\xmldm
d:\dokumente und einstellungen\rebecca\WINDOWS
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-03 bis 2012-08-03 ))))))))))))))))))))))))))))))
.
.
2012-07-31 17:53 . 2012-07-31 17:53 -------- d-----w- c:\windows\system32\13001.033
2012-07-30 18:17 . 2012-07-30 18:17 -------- d-----w- c:\windows\system32\13001.032
2012-07-29 17:45 . 2012-07-29 17:45 -------- d-----w- d:\dokumente und einstellungen\All Users\Favoriten
2012-07-29 08:03 . 2012-07-29 08:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 19:01 . 2012-07-28 19:01 -------- d-----w- c:\windows\system32\13001.031
2012-07-28 19:01 . 2012-07-28 19:01 264 ----a-w- c:\windows\system32\srvblck5.tmp
2012-07-24 17:36 . 2012-07-24 17:36 -------- d-----w- c:\programme\Sony
2012-07-24 17:25 . 2012-07-24 17:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-07-15 11:17 . 2012-07-15 11:17 -------- d-----r- d:\dokumente und einstellungen\NetworkService.NT-AUTORITÄT\Favoriten
2012-07-14 08:35 . 2012-07-14 08:35 -------- d-----w- c:\programme\ESET
2012-07-12 18:59 . 2012-07-12 18:59 -------- d-----w- d:\dokumente und einstellungen\rebecca\Anwendungsdaten\Malwarebytes
2012-07-11 05:14 . 2012-07-24 17:25 -------- d-----w- c:\windows\system32\LogFiles
2012-07-07 12:58 . 2012-07-07 12:58 -------- d-----w- d:\dokumente und einstellungen\Toni\Anwendungsdaten\Malwarebytes
2012-07-07 12:57 . 2012-07-07 12:57 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-07-07 12:57 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-07 12:57 . 2012-07-12 19:18 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-07-07 11:41 . 2012-07-07 11:41 -------- d-----r- d:\dokumente und einstellungen\LocalService\Favoriten
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-03-15 21:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-03-15 21:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-03-15 21:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2012-03-15 21:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-03-15 21:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-03-15 21:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-03-15 21:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-10 05:39 . 2012-03-18 16:42 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 05:39 . 2012-03-18 16:42 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-14 22:19 . 2012-06-21 07:18 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ7.7\ICQ.exe" [2012-03-18 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-03-24 2221352]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-01-23 818240]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-10 348624]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Guard.Mail.ru.gui"="c:\programme\Guard-ICQ\GuardICQ.exe" [2012-03-18 1564368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\dokumente und einstellungen\Toni\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
d:\dokumente und einstellungen\rebecca\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [N/A]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [N/A]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQ7.7\\ICQ.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [16.03.2012 12:52 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.01.2011 15:02 20592]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18.03.2012 18:42 36000]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [15.03.2012 20:29 13680]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2012 18:42 86224]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [16.03.2012 12:52 292200]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [16.03.2012 12:52 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [16.03.2012 12:52 175168]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [15.03.2012 20:29 99328]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [15.03.2012 20:29 64440]
R3 NETwLx32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwLx32.sys [16.03.2012 13:14 6609920]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\programme\Guard-ICQ\GuardICQ.exe [18.03.2012 20:42 1564368]
S2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [15.03.2012 20:29 45496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04.04.2012 08:33 253600]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 20:51 113120]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [21.07.2012 10:33 155320]
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:33]
.
2012-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\programme\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - d:\dokumente und einstellungen\rebecca\Anwendungsdaten\Mozilla\Firefox\Profiles\f1k8et14.default\
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
------- Dateityp-Verknüpfung -------
.
.txt=REG_SZ
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Sony PC Companion - c:\programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
AddRemove-ICQToolbar - c:\programme\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-03 22:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-08-03 22:26:01
ComboFix-quarantined-files.txt 2012-08-03 20:25
.
Vor Suchlauf: 8 Verzeichnis(se), 90.512.613.376 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 90.457.378.816 Bytes frei
.
- - End Of File - - B20F0ACE499B7DDA1873A1523E8764CD
|
|
03.08.2012, 23:32
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder::
c:\windows\system32\13001.031
File::
c:\windows\system32\srvblck5.tmp
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.08.2012, 10:39
| #25 |
| | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Code:
ATTFilter ComboFix 12-08-07.01 - rebecca 07.08.2012 11:21:08.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1362 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\rebecca\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: d:\dokumente und einstellungen\rebecca\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\srvblck5.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\13001.031
c:\windows\system32\13001.031\chrome.manifest
c:\windows\system32\13001.031\components\AcroFF.txt
c:\windows\system32\13001.031\install.rdf
c:\windows\system32\srvblck5.tmp
c:\windows\system32\xmldm
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-07 bis 2012-08-07 ))))))))))))))))))))))))))))))
.
.
2012-07-31 17:53 . 2012-07-31 17:53 -------- d-----w- c:\windows\system32\13001.033
2012-07-30 18:17 . 2012-07-30 18:17 -------- d-----w- c:\windows\system32\13001.032
2012-07-29 17:45 . 2012-07-29 17:45 -------- d-----w- d:\dokumente und einstellungen\All Users\Favoriten
2012-07-29 08:03 . 2012-07-29 08:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 17:36 . 2012-07-24 17:36 -------- d-----w- c:\programme\Sony
2012-07-24 17:25 . 2012-07-24 17:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-07-15 11:17 . 2012-07-15 11:17 -------- d-----r- d:\dokumente und einstellungen\NetworkService.NT-AUTORITÄT\Favoriten
2012-07-14 08:35 . 2012-07-14 08:35 -------- d-----w- c:\programme\ESET
2012-07-12 18:59 . 2012-07-12 18:59 -------- d-----w- d:\dokumente und einstellungen\rebecca\Anwendungsdaten\Malwarebytes
2012-07-11 05:14 . 2012-07-24 17:25 -------- d-----w- c:\windows\system32\LogFiles
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:46 . 2012-07-07 12:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:55 . 2004-08-04 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2012-03-15 21:50 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2012-03-15 21:50 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2012-03-15 21:50 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2012-03-15 21:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2012-03-15 21:50 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:24 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2012-03-15 21:50 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2012-03-15 21:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 12:00 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-10 05:39 . 2012-03-18 16:42 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-10 05:39 . 2012-03-18 16:42 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-14 22:19 . 2012-06-21 07:18 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-03_20.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-07 07:11 . 2012-08-07 07:11 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\programme\ICQ7.7\ICQ.exe" [2012-03-18 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2011-03-24 2221352]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-01-23 818240]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-10 348624]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Guard.Mail.ru.gui"="c:\programme\Guard-ICQ\GuardICQ.exe" [2012-03-18 1564368]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
d:\dokumente und einstellungen\Toni\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
d:\dokumente und einstellungen\rebecca\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [N/A]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [N/A]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\ICQ7.7\\ICQ.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [16.03.2012 12:52 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [13.01.2011 15:02 20592]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18.03.2012 18:42 36000]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [15.03.2012 20:29 13680]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2012 18:42 86224]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [16.03.2012 12:52 292200]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\programme\Guard-ICQ\GuardICQ.exe [18.03.2012 20:42 1564368]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [16.03.2012 12:52 69632]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [16.03.2012 12:52 175168]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [15.03.2012 20:29 99328]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [15.03.2012 20:29 64440]
R3 NETwLx32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwLx32.sys [16.03.2012 13:14 6609920]
S2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [15.03.2012 20:29 45496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04.04.2012 08:33 253600]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [07.05.2012 20:51 113120]
S3 Sony PC Companion;Sony PC Companion;c:\programme\Sony\Sony PC Companion\PCCService.exe [21.07.2012 10:33 155320]
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:33]
.
2012-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\programme\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - d:\dokumente und einstellungen\rebecca\Anwendungsdaten\Mozilla\Firefox\Profiles\f1k8et14.default\
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-07 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-08-07 11:32:30
ComboFix-quarantined-files.txt 2012-08-07 09:32
ComboFix2.txt 2012-08-03 20:26
.
Vor Suchlauf: 9 Verzeichnis(se), 90.407.067.648 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 90.385.412.096 Bytes frei
.
- - End Of File - - 0029FFACDF4E99EBC4F54641929FBDEB
|
|
08.08.2012, 13:29
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen.Code:
ATTFilter 2012-07-31 17:53 . 2012-07-31 17:53 -------- d-----w- c:\windows\system32\13001.033
2012-07-30 18:17 . 2012-07-30 18:17 -------- d-----w- c:\windows\system32\13001.032
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.08.2012, 20:19
| #27 |
| | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Ja, ließen sich manuell löschen. |
|
10.08.2012, 21:45
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Ok gut  Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.08.2012, 11:22
| #29 |
| | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. GMER Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-23 11:26:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9500325AS rev.0002BSM1
Running: m6rnb410.exe; Driver: D:\DOKUME~1\rebecca\LOKALE~1\Temp\pfrdapow.sys
---- System - GMER 1.0.15 ----
SSDT BA6E218C ZwClose
SSDT BA6E2146 ZwCreateKey
SSDT BA6E2196 ZwCreateSection
SSDT BA6E213C ZwCreateThread
SSDT BA6E214B ZwDeleteKey
SSDT BA6E2155 ZwDeleteValueKey
SSDT BA6E2187 ZwDuplicateObject
SSDT BA6E215A ZwLoadKey
SSDT BA6E2128 ZwOpenProcess
SSDT BA6E212D ZwOpenThread
SSDT BA6E21AF ZwQueryValueKey
SSDT BA6E2164 ZwReplaceKey
SSDT BA6E21A0 ZwRequestWaitReplyPort
SSDT BA6E215F ZwRestoreKey
SSDT BA6E219B ZwSetContextThread
SSDT BA6E21A5 ZwSetSecurityObject
SSDT BA6E2150 ZwSetValueKey
SSDT BA6E21AA ZwSystemDebugControl
SSDT BA6E2137 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93D4000, 0x1C5D38, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976767123
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:45:13 on 23.08.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 13.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl "TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - D:\DOKUME~1\rebecca\LOKALE~1\Temp\catchme.sys (File not found) "cercsr6" (cercsr6) - "Adaptec, Inc." - C:\WINDOWS\system32\drivers\cercsr6.sys "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pfrdapow" (pfrdapow) - ? - D:\DOKUME~1\rebecca\LOKALE~1\Temp\pfrdapow.sys (Hidden registry entry, rootkit activity | File not found) "Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys "TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS (File found, but it contains no detailed information) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11g.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ7.7" - "ICQ, LLC." - C:\Programme\ICQ7.7\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "BTTray.lnk" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk (Shortcut exists | File not found) "Digital Line Detect.lnk" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk (Shortcut exists | File not found) "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Programme\WinZip\WZQKPICK32.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - D:\Dokumente und Einstellungen\rebecca\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.3.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ICQ" - "ICQ, LLC." - "C:\Programme\ICQ7.7\ICQ.exe" silent loginmode=4 -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )----- "FlashPlayerUpdate" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe -update plugin -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "AwaySch" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwaySch.EXE "GrooveMonitor" - "Microsoft Corporation" - "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" "Guard.Mail.ru.gui" - ? - "C:\Programme\Guard-ICQ\GuardICQ.exe" /gui "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe "LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe "LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe "PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r "TpShocks" - "Lenovo." - TpShocks.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "Guard.Mail.ru" (Guard.Mail.ru) - ? - C:\Programme\Guard-ICQ\GuardICQ.exe "IBM PM Service" (IBMPMSVC) - ? - C:\WINDOWS\system32\ibmpmsvc.exe (File signed by Microsoft | File found, but it contains no detailed information) "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe (File not found) "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe "Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "IPS-Basisservice" (IPSSVC) - "Lenovo Group Limited" - C:\WINDOWS\system32\IPSSVC.EXE "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE "Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe "Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe "Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Programme\Sony\Sony PC Companion\PCCService.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-23 11:47:06
-----------------------------
11:47:06.967 OS Version: Windows 5.1.2600 Service Pack 3
11:47:06.967 Number of processors: 2 586 0xF06
11:47:06.967 ComputerName: LABECKA UserName: rebecca
11:47:07.498 Initialize success
11:52:10.858 AVAST engine defs: 12082201
11:52:25.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:52:25.670 Disk 0 Vendor: ST9500325AS 0002BSM1 Size: 476940MB BusType: 3
11:52:25.717 Disk 0 MBR read successfully
11:52:25.717 Disk 0 MBR scan
11:52:25.780 Disk 0 Windows XP default MBR code
11:52:25.780 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 63
11:52:25.780 Disk 0 Partition - 00 0F Extended LBA 376936 MB offset 204800400
11:52:25.842 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 376936 MB offset 204800463
11:52:25.858 Disk 0 scanning sectors +976767120
11:52:25.873 Disk 0 malicious Win32:MBRoot code @ sector 976767123 !
11:52:25.998 Disk 0 scanning C:\WINDOWS\system32\drivers
11:52:51.295 Service scanning
11:53:08.139 Modules scanning
11:53:37.077 Disk 0 trace - called modules:
11:53:37.108
11:53:37.467 AVAST engine scan C:\WINDOWS
11:54:21.983 AVAST engine scan C:\WINDOWS\system32
12:05:12.311 AVAST engine scan C:\WINDOWS\system32\drivers
12:07:45.811 AVAST engine scan D:\Dokumente und Einstellungen\rebecca
12:19:25.873 Disk 0 MBR has been saved successfully to "D:\Dokumente und Einstellungen\rebecca\Desktop\logs 23.08\MBR.dat"
12:19:25.873 The log file has been saved successfully to "D:\Dokumente und Einstellungen\rebecca\Desktop\logs 23.08\aswMBR.txt"
|
|
30.08.2012, 13:40
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. Live-System PartedMagic / GParted 1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein 2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows 3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist  4. Du müsstest ein Symbol PartitionEditor auf dem Desktop finden, das doppelklicken 5. Wenn das Tool die Partitionen aufgelistet hat, bitte einen Screenshot mit Hilfe der Taste DRUCK auf der Tastatur erstellen, diesen Screenshot hier posten (idR hast du einen Internetzugang mit PartedMagic, wenn nicht einfach den Screenshot auf einem Stick abspeichern und unter Windows hier posten)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/ATRAPS.GEN - TR/ATRAPS.Gen2 lassen sich nicht entfernen. |
| 0xc0000001, 800000cb.@, avira, bho, bonjour, branding, ccc.exe, desktop, dllhost.exe, entfernen, error, excel, festplatte, flash player, fontcache, heuristiks/extra, heuristiks/shuriken, homepage, internet, internet explorer, juli 2012, langs, logfile, microsoft office word, mom.exe, nt.dll, object, plug-in, problem, prozesse, registry, rundll, searchscopes, security, software, svchost.exe, updates, verweise, warnung, wbemess.dll, windows, windows internet |
Linear-Darstellung
