TR/Trash.Gen Trojan found again by Avira (Windows 7)
24.07.2012, 20:51 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Ah, sorry, I had overlooked that. Then that's OK. Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
FF - user.js - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1757981266-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-436374069-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-436374069-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-436374069-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.14 01:34:39 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.08.15 09:49:16 | 000,398,600 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.08.16 09:48:10 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.08.16 09:48:10 | 002,162,688 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2007.08.16 09:48:10 | 000,000,150 | R--- | M] () - D:\autorun.inf -- [ UDF ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post log files in CODE tags
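The O6/O7 lines in the fix script above are Explorer policy values that govern AutoRun, and a defender reading such a script wants to know what those numbers actually permit before they are removed. The following Python is an added example and is not OTL's code or anything posted in this thread: the line parser and the helper names are my own, the NoDriveTypeAutoRun bit layout is Microsoft's documented one (0x01 unknown, 0x02 no root dir, 0x04 removable, 0x08 fixed, 0x10 remote, 0x20 CD-ROM, 0x40 RAM disk, 0x80 reserved), NoDriveAutoRun and NoDrives are read as 26-bit drive-letter masks (bit 0 = A:), and the sample lines are copied from the script above.

```python
import re

# Drive-type bits of NoDriveTypeAutoRun as Microsoft documents them.
NO_DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# Matches OTL O6/O7 policy-value lines such as
# "O7 - HKU\<sid>\SOFTWARE\...\policies\Explorer: NoDriveTypeAutoRun = 323".
# Lines ending in "present" carry no value and deliberately do not match.
POLICY_RE = re.compile(
    r"^(?P<section>O[67]) - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>\d+)\s*$"
)


def decode_no_drive_type_autorun(value):
    """Drive types whose AutoRun this bitmask disables.
    Bits outside the documented layout are reported, not silently dropped."""
    names = [name for bit, name in NO_DRIVE_TYPE_BITS.items() if value & bit]
    extra = value & ~sum(NO_DRIVE_TYPE_BITS)
    bit = 0
    while extra:
        if extra & 1:
            names.append(f"UNDOCUMENTED_BIT_{bit}")
        extra >>= 1
        bit += 1
    return names


def decode_drive_letter_mask(value):
    """NoDriveAutoRun / NoDrives: bit 0 = A:, bit 25 = Z:. Returns the letters set."""
    return "".join(chr(ord("A") + i) for i in range(26) if value & (1 << i))


def removable_media_autorun_blocked(value):
    """True only when both removable drives (USB sticks) and CD/DVD are covered."""
    return bool(value & 0x04) and bool(value & 0x20)


def parse_policy_lines(text):
    """Parse OTL O6/O7 policy lines and attach a decoded view of known values."""
    findings = []
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        value = int(m["value"])
        item = {"section": m["section"], "key": m["key"], "name": m["name"], "value": value}
        if m["name"] == "NoDriveTypeAutoRun":
            item["decoded"] = decode_no_drive_type_autorun(value)
            item["removable_and_cd_blocked"] = removable_media_autorun_blocked(value)
        elif m["name"] in ("NoDriveAutoRun", "NoDrives"):
            item["decoded"] = decode_drive_letter_mask(value)
        findings.append(item)
    return findings


# Lines copied from the OTL fix script above; the remaining O7 entries follow the same pattern.
SAMPLE = r"""
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
"""

if __name__ == "__main__":
    for f in parse_policy_lines(SAMPLE):
        print(f"{f['section']} {f['name']} = {f['value']} -> {f.get('decoded', f['value'])}")
```

Decoding the script's values shows why they matter: 67108863 is 0x3FFFFFF, i.e. AutoRun disabled for every drive letter A: to Z:, while 323 (0x143) covers only unknown, rootless and RAM-disk drive types plus an undocumented bit 8, leaving removable and CD-ROM AutoRun untouched; 145 (0x91) is the classic default of unknown, network and reserved types. A policy value is therefore not a guarantee of anything until its bits are read.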
25.07.2012, 17:30 | #17
Hello Arne!
When running it, the following happened: after 2 seconds the computer restarted, with a brief blue screen beforehand that showed me some memory error (it went too fast to read it properly). After booting up again there really is the OTL folder, but I can't find any LOG and I'm not sure whether the PC actually followed your script. Regards and thanks for your effort
26.07.2012, 11:04 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
Restart Windows in Safe Mode (with networking if possible); sometimes fixing with OTL hangs in normal mode, but very often the fix works in Safe Mode.
__________________
26.07.2012, 17:28 | #19
Hello, in Safe Mode it worked: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-436374069-1757981266-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-436374069-1757981266-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File not found.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5882230 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: ZahalFighter
->Temp folder emptied: 405772570 bytes
->Temporary Internet Files folder emptied: 282821 bytes
->Java cache emptied: 1696885 bytes
->FireFox cache emptied: 55492517 bytes
->Flash cache emptied: 3091406 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2337597 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 453,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: ZahalFighter
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07262012_182239
Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2007.08.15 09:49:16 | 000,398,600 | R--- | M] (Electronic Arts) D:\AutoRun.exe : MD5=0172E5AC5D3F906B993AC610128CBB58
[2007.08.16 09:48:10 | 002,162,688 | R--- | M] () D:\autorun.dat : MD5=8EE3E87895F1EB0DB28059952F825DCC
[2007.08.16 09:48:10 | 000,000,150 | R--- | M] () D:\autorun.inf : MD5=B63E590342F60952E03FFB77A36EB362
Registry entries deleted on Reboot...

Regards
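The question raised two posts earlier, whether the machine actually carried out the fix, is answered by reading the OTL log above line by line: each requested action ends in "deleted successfully", "not found", "moved successfully", "value set successfully", or "File move failed ... scheduled to be moved on reboot". The Python below is an added example, not OTL's code or anything posted in this thread; the outcome patterns are mine, derived from the line shapes visible in the log above, and the sample log is a subset of those lines.

```python
import re
from collections import Counter

# Outcome patterns for OTL fix-log lines, matched in this order (most specific first).
PATTERNS = [
    ("deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry (?:key|value) (?P<target>.+) not found\.$")),
    ("value_set", re.compile(r"^(?P<target>.+\|DWORD:\d+) /E : value set successfully!$")),
    ("moved", re.compile(r"^(?P<target>.+) moved successfully\.$")),
    ("pending_reboot", re.compile(r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("file_not_found", re.compile(r"^File not found\.$")),
    ("hosts_reset", re.compile(r"^HOSTS file reset successfully$")),
]


def parse_otl_fix_log(text):
    """Classify each non-blank log line; returns (outcome, target) pairs in log order.
    Lines that match no pattern (section banners, tool version) become "unparsed"."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for outcome, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                results.append((outcome, m.groupdict().get("target")))
                break
        else:
            results.append(("unparsed", line))
    return results


def summarize(results):
    """Counts per outcome, the unique targets still waiting for a reboot, and whether
    anything at all was changed (which is what "did the script run?" really asks)."""
    counts = Counter(outcome for outcome, _ in results)
    # OTL lists reboot-deferred moves twice (in the fix section and again under
    # "Files\Folders moved on Reboot..."), so de-duplicate the targets.
    pending = sorted({target for outcome, target in results if outcome == "pending_reboot"})
    applied = any(outcome in ("deleted", "moved", "value_set", "hosts_reset") for outcome, _ in results)
    return {"counts": counts, "pending": pending, "applied": applied}


# Subset of the OTL log posted above.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    summary = summarize(parse_otl_fix_log(SAMPLE_LOG))
    print(dict(summary["counts"]))
    print("applied:", summary["applied"], "pending:", summary["pending"])
```

On the full log above the only entries left pending are the three files on D:, which the fix script lists as [ UDF ] media; UDF is the file system of optical discs, so if D: is a read-only disc those moves will fail the same way after every reboot without meaning the rest of the fix did not apply.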
26.07.2012, 22:26 | #20
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and when it has finished click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags
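The instructions above say to skip everything TDSS-Killer flags and post the log instead, which is the right call because a flagged object needs context before anyone acts on it: what it is, where it lives, its hash, and whether the verdict is a generic notice or a real detection. The Python below is an added example, not Kaspersky's code or anything posted in this thread; the regular expressions are mine, derived from the line shapes TDSS-Killer writes (timestamp, process id, then either an object record with MD5 and path, a "detected" line, or "- ok"), the sample lines are taken from the log posted later in this thread plus one constructed entry with a placeholder verdict and hash, and treating UnsignedFile.Multi.Generic as merely informational (an unsigned file, not a malware verdict) is my assumption.

```python
import re

# "<HH:MM:SS.mmmm> <pid> <rest>": every TDSS-Killer log line has this prefix.
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>": the object record written before a verdict.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<count>)": the line that actually flags an object.
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
# "<name> - ok": a clean object.
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Assumption: the generic "unsigned file" notice is informational; any other verdict gets reviewed.
INFORMATIONAL_VERDICTS = {"UnsignedFile.Multi.Generic"}


def triage_tdsskiller_log(text):
    """Join each 'detected' line with the object record that preceded it."""
    objects = {}  # object name -> {"md5": ..., "path": ...}
    findings = []
    ok_count = 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, blank lines, anything without the timestamp prefix
        rest = m["rest"]
        om = OBJECT_RE.match(rest)
        if om:
            objects[om["name"]] = {"md5": om["md5"], "path": om["path"]}
            continue
        dm = DETECT_RE.match(rest)
        if dm:
            obj = objects.get(dm["name"], {})
            findings.append({
                "name": dm["name"],
                "verdict": dm["verdict"],
                "path": obj.get("path"),
                "md5": obj.get("md5"),
                "severity": "info" if dm["verdict"] in INFORMATIONAL_VERDICTS else "review",
            })
            continue
        if OK_RE.match(rest):
            ok_count += 1
        # "( <verdict> ) - warning" lines duplicate the "detected" line and are ignored.
    return {"ok": ok_count, "findings": findings}


def needs_review(result):
    """Names of flagged objects whose verdict is not merely informational."""
    return [f["name"] for f in result["findings"] if f["severity"] == "review"]


# Lines from the TDSS-Killer log posted later in this thread, plus one constructed
# entry (placeholder hash and verdict) to exercise the "review" branch.
SAMPLE_LOG = r"""
18:07:26.0531 3356 Scan started
18:07:26.0531 3356 Mode: Manual; SigCheck; TDLFS;
18:07:26.0625 3356 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:27.0421 3356 ACPI - ok
18:07:31.0281 3356 ForceWare Intelligent Application Manager (IAM) (a6f98d7fb17477e6ec99538223b54daa) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
18:07:31.0296 3356 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
18:07:31.0296 3356 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
18:07:37.0750 3356 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) E:\Sony\SupServ.exe
18:07:37.0765 3356 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
18:07:37.0765 3356 OMSI download service - detected UnsignedFile.Multi.Generic (1)
18:07:40.0000 3356 examplesvc (00000000000000000000000000000000) C:\constructed\example.sys
18:07:40.0001 3356 examplesvc - detected Constructed.Example.Verdict (1)
"""

if __name__ == "__main__":
    result = triage_tdsskiller_log(SAMPLE_LOG)
    print(f"{result['ok']} objects ok, {len(result['findings'])} flagged")
    for f in result["findings"]:
        print(f"[{f['severity']}] {f['name']}: {f['verdict']} {f['path']} md5={f['md5']}")
```

The object record and the verdict arrive on separate lines, so the parser keeps the last record per name and joins them; a "detected" line without a preceding record still produces a finding, just with no path or hash, rather than being dropped.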
30.07.2012, 17:09 | #21
Code:
18:06:34.0078 2300 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:06:36.0078 2300 ============================================================
18:06:36.0078 2300 Current date / time: 2012/07/30 18:06:36.0078
18:06:36.0078 2300 SystemInfo:
18:06:36.0078 2300
18:06:36.0078 2300 OS Version: 5.1.2600 ServicePack: 3.0
18:06:36.0078 2300 Product type: Workstation
18:06:36.0078 2300 ComputerName: KNUSPERKNUT
18:06:36.0078 2300 UserName: ZahalFighter
18:06:36.0078 2300 Windows directory: C:\WINDOWS
18:06:36.0078 2300 System windows directory: C:\WINDOWS
18:06:36.0078 2300 Processor architecture: Intel x86
18:06:36.0078 2300 Number of processors: 2
18:06:36.0078 2300 Page size: 0x1000
18:06:36.0078 2300 Boot type: Normal boot
18:06:36.0078 2300 ============================================================
18:06:36.0453 2300 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:06:36.0453 2300 ============================================================
18:06:36.0453 2300 \Device\Harddisk0\DR0:
18:06:36.0453 2300 MBR partitions:
18:06:36.0453 2300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
18:06:36.0468 2300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0xCD8F0EA
18:06:36.0468 2300 ============================================================
18:06:36.0500 2300 C: <-> \Device\Harddisk0\DR0\Partition0
18:06:36.0546 2300 E: <-> \Device\Harddisk0\DR0\Partition1
18:06:36.0546 2300 ============================================================
18:06:36.0546 2300 Initialize success
18:06:36.0546 2300 ============================================================
18:07:26.0531 3356 ============================================================
18:07:26.0531 3356 Scan started
18:07:26.0531 3356 Mode: Manual; SigCheck; TDLFS;
18:07:26.0531 3356 ============================================================
18:07:26.0609 3356 Abiosdsk - ok
18:07:26.0609 3356 abp480n5 - ok
18:07:26.0625 3356 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:27.0421 3356 ACPI - ok
18:07:27.0453 3356 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:07:27.0546 3356 ACPIEC - ok
18:07:27.0546 3356 adpu160m - ok
18:07:27.0562 3356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:07:27.0640 3356 aec - ok
18:07:27.0671 3356 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
18:07:27.0718 3356 AFD - ok
18:07:27.0718 3356 Aha154x - ok
18:07:27.0718 3356 aic78u2 - ok
18:07:27.0718 3356 aic78xx - ok
18:07:27.0750 3356 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
18:07:27.0812 3356 Alerter - ok
18:07:27.0828 3356 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
18:07:27.0890 3356 ALG - ok
18:07:27.0890 3356 AliIde - ok
18:07:27.0890 3356 amsint - ok
18:07:27.0953 3356 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Programme\Avira\AntiVir Desktop\sched.exe
18:07:27.0968 3356 AntiVirSchedulerService - ok
18:07:27.0984 3356 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Programme\Avira\AntiVir Desktop\avguard.exe
18:07:27.0984 3356 AntiVirService - ok
18:07:28.0015 3356 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
18:07:28.0078 3356 AppMgmt - ok
18:07:28.0093 3356 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:07:28.0156 3356 Arp1394 - ok
18:07:28.0156 3356 asc - ok
18:07:28.0156 3356 asc3350p - ok
18:07:28.0156 3356 asc3550 - ok
18:07:28.0218 3356 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:07:28.0218 3356 aspnet_state - ok
18:07:28.0250 3356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:07:28.0312 3356 AsyncMac - ok
18:07:28.0328 3356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:07:28.0390 3356 atapi - ok
18:07:28.0390 3356 Atdisk - ok
18:07:28.0421 3356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:07:28.0484 3356 Atmarpc - ok
18:07:28.0515 3356 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
18:07:28.0578 3356 AudioSrv - ok
18:07:28.0593 3356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:07:28.0656 3356 audstub - ok
18:07:28.0656 3356 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:07:28.0671 3356 avgntflt - ok
18:07:28.0687 3356 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:07:28.0687 3356 avipbb - ok
18:07:28.0687 3356 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:07:28.0687 3356 avkmgr - ok
18:07:28.0718 3356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:07:28.0765 3356 Beep - ok
18:07:28.0796 3356 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
18:07:28.0859 3356 BITS - ok
18:07:28.0875 3356 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
18:07:28.0937 3356 Browser - ok
18:07:28.0968 3356 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
18:07:28.0968 3356 Cardex - ok
18:07:29.0093 3356 catchme - ok
18:07:29.0109 3356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:07:29.0171 3356 cbidf2k - ok
18:07:29.0203 3356 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:07:29.0265 3356 CCDECODE - ok
18:07:29.0265 3356 cd20xrnt - ok
18:07:29.0281 3356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:07:29.0328 3356 Cdaudio - ok
18:07:29.0343 3356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:07:29.0390 3356 Cdfs - ok
18:07:29.0406 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:07:29.0468 3356 Cdrom - ok
18:07:29.0468 3356 Changer - ok
18:07:29.0484 3356 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
18:07:29.0546 3356 CiSvc - ok
18:07:29.0562 3356 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
18:07:29.0625 3356 ClipSrv - ok
18:07:29.0671 3356 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:29.0687 3356 clr_optimization_v2.0.50727_32 - ok
18:07:29.0687 3356 CmdIde - ok
18:07:29.0687 3356 COMSysApp - ok
18:07:29.0687 3356 Cpqarray - ok
18:07:29.0718 3356 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
18:07:29.0781 3356 CryptSvc - ok
18:07:29.0781 3356 dac2w2k - ok
18:07:29.0781 3356 dac960nt - ok
18:07:29.0812 3356 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
18:07:29.0875 3356 DcomLaunch - ok
18:07:29.0875 3356 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
18:07:29.0937 3356 Dhcp - ok
18:07:29.0937 3356 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:07:30.0000 3356 Disk - ok
18:07:30.0015 3356 dmadmin - ok
18:07:30.0031 3356 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
18:07:30.0093 3356 dmboot - ok
18:07:30.0109 3356 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
18:07:30.0171 3356 dmio - ok
18:07:30.0187 3356 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:07:30.0250 3356 dmload - ok
18:07:30.0250 3356 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
18:07:30.0328 3356 dmserver - ok
18:07:30.0343 3356 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:07:30.0390 3356 DMusic - ok
18:07:30.0406 3356 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
18:07:30.0437 3356 Dnscache - ok
18:07:30.0453 3356 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
18:07:30.0500 3356 Dot3svc - ok
18:07:30.0500 3356 dpti2o - ok
18:07:30.0500 3356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:07:30.0562 3356 drmkaud - ok
18:07:30.0562 3356 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
18:07:30.0625 3356 EapHost - ok
18:07:30.0640 3356 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
18:07:30.0718 3356 ERSvc - ok
18:07:30.0734 3356 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:07:30.0750 3356 Eventlog - ok
18:07:30.0781 3356 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
18:07:30.0781 3356 EventSystem - ok
18:07:30.0812 3356 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:07:30.0859 3356 Fastfat - ok
18:07:30.0890 3356 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
18:07:30.0906 3356 FastUserSwitchingCompatibility - ok
18:07:30.0906 3356 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:07:30.0953 3356 Fdc - ok
18:07:30.0968 3356 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
18:07:31.0031 3356 Fips - ok
18:07:31.0062 3356 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:07:31.0125 3356 Flpydisk - ok
18:07:31.0140 3356 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:07:31.0187 3356 FltMgr - ok
18:07:31.0281 3356 ForceWare Intelligent Application Manager (IAM) (a6f98d7fb17477e6ec99538223b54daa) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
18:07:31.0296 3356 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - warning
18:07:31.0296 3356 ForceWare Intelligent Application Manager (IAM) - detected UnsignedFile.Multi.Generic (1)
18:07:31.0312 3356 ForcewareWebInterface (b81f8778f5bb485f3b75114f0c99a49f) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
18:07:31.0312 3356 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - warning
18:07:31.0312 3356 ForcewareWebInterface - detected UnsignedFile.Multi.Generic (1)
18:07:31.0343 3356 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:07:31.0406 3356 Fs_Rec - ok
18:07:31.0406 3356 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:07:31.0468 3356 Ftdisk - ok
18:07:31.0468 3356 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:07:31.0515 3356 Gpc - ok
18:07:31.0531 3356 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:07:31.0593 3356 HDAudBus - ok
18:07:31.0640 3356 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:07:31.0703 3356 helpsvc - ok
18:07:31.0718 3356 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
18:07:31.0796 3356 HidServ - ok
18:07:31.0812 3356 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:07:31.0859 3356 hidusb - ok
18:07:31.0890 3356 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Programme\HitmanPro\hmpsched.exe
18:07:31.0890 3356 HitmanProScheduler - ok
18:07:31.0906 3356 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
18:07:31.0968 3356 hkmsvc - ok
18:07:31.0968 3356 hpn - ok
18:07:32.0000 3356 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:07:32.0000 3356 HTTP - ok
18:07:32.0015 3356 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
18:07:32.0078 3356 HTTPFilter - ok
18:07:32.0078 3356 i2omgmt - ok
18:07:32.0078 3356 i2omp - ok
18:07:32.0093 3356 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:07:32.0140 3356 i8042prt - ok
18:07:32.0187 3356 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:07:32.0203 3356 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:07:32.0203 3356 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:07:32.0218 3356 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:07:32.0281 3356 Imapi - ok
18:07:32.0296 3356 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
18:07:32.0359 3356 ImapiService - ok
18:07:32.0359 3356 ini910u - ok
18:07:32.0437 3356 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:07:32.0578 3356 IntcAzAudAddService - ok
18:07:32.0625 3356 IntelIde - ok
18:07:32.0640 3356 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:07:32.0703 3356 intelppm - ok
18:07:32.0734 3356 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:07:32.0796 3356 Ip6Fw - ok
18:07:32.0828 3356 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:07:32.0890 3356 IpFilterDriver - ok
18:07:32.0890 3356 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:07:32.0953 3356 IpInIp - ok
18:07:32.0953 3356 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:07:33.0015 3356 IpNat - ok
18:07:33.0015 3356 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:07:33.0078 3356 IPSec - ok
18:07:33.0109 3356 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:07:33.0171 3356 IRENUM - ok
18:07:33.0187 3356 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:07:33.0234 3356 isapnp - ok
18:07:33.0312 3356 JavaQuickStarterService (28e8a9984ba1297efe44b6138d2ca51e) C:\Programme\Java\jre6\bin\jqs.exe
18:07:33.0328 3356 JavaQuickStarterService - ok
18:07:33.0328 3356 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
18:07:33.0359 3356 JGOGO - ok
18:07:33.0359 3356 JRAID (f4a31e66a61c0783f51157519b03280b) C:\WINDOWS\system32\DRIVERS\jraid.sys
18:07:33.0390 3356 JRAID - ok
18:07:33.0406 3356 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:07:33.0453 3356 Kbdclass - ok
18:07:33.0468 3356 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:07:33.0531 3356 kbdhid - ok
18:07:33.0546 3356 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:07:33.0609 3356 kmixer - ok
18:07:33.0625 3356 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:07:33.0656 3356 KSecDD - ok
18:07:33.0671 3356 lanmanserver (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
18:07:33.0687 3356 lanmanserver - ok
18:07:33.0718 3356 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
18:07:33.0718 3356 lanmanworkstation - ok
18:07:33.0718 3356 lbrtfdc - ok
18:07:33.0734 3356 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
18:07:33.0812 3356 LmHosts - ok
18:07:33.0812 3356 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
18:07:33.0812 3356 MBAMProtector - ok
18:07:33.0843 3356 MBAMService (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
18:07:33.0859 3356 MBAMService - ok
18:07:33.0875 3356 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
18:07:33.0937 3356 Messenger - ok
18:07:33.0953 3356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:07:34.0015 3356 mnmdd - ok
18:07:34.0046 3356 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
18:07:34.0093 3356 mnmsrvc - ok
18:07:34.0125 3356 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
18:07:34.0171 3356 Modem - ok
18:07:34.0187 3356 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:07:34.0250 3356 Mouclass - ok
18:07:34.0265 3356 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:07:34.0328 3356 mouhid - ok
18:07:34.0328 3356 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:07:34.0406 3356 MountMgr - ok
18:07:34.0437 3356 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
18:07:34.0437 3356 MozillaMaintenance - ok
18:07:34.0437 3356 mraid35x - ok
18:07:34.0453 3356 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:07:34.0500 3356 MRxDAV - ok
18:07:34.0515 3356 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:07:34.0562 3356 MRxSmb - ok
18:07:34.0578 3356 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
18:07:34.0640 3356 MSDTC - ok
18:07:34.0656 3356 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:07:34.0703 3356 Msfs - ok
18:07:34.0703 3356 MSIServer - ok
18:07:34.0718 3356 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:07:34.0781 3356 MSKSSRV - ok
18:07:34.0781 3356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:07:34.0828 3356 MSPCLOCK - ok
18:07:34.0828 3356 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:07:34.0890 3356 MSPQM - ok
18:07:34.0906 3356 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:07:34.0968 3356 mssmbios - ok
18:07:34.0968 3356 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:07:35.0046 3356 MSTEE - ok
18:07:35.0062 3356 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:07:35.0078 3356 MTsensor - ok
18:07:35.0093 3356 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:07:35.0125 3356 Mup - ok
18:07:35.0140 3356 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:07:35.0203 3356 NABTSFEC - ok
18:07:35.0234 3356 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
18:07:35.0296 3356 napagent - ok
18:07:35.0312 3356 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:07:35.0375 3356 NDIS - ok
18:07:35.0375 3356 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:07:35.0421 3356 NdisIP - ok
18:07:35.0437 3356 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:07:35.0453 3356 NdisTapi - ok
18:07:35.0484 3356 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:07:35.0531 3356 Ndisuio - ok
18:07:35.0531 3356 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:35.0578 3356 NdisWan - ok
18:07:35.0578 3356 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:07:35.0593 3356 NDProxy - ok
18:07:35.0609 3356 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:07:35.0671 3356 NetBIOS - ok
18:07:35.0687 3356 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:07:35.0750 3356 NetBT - ok
18:07:35.0781 3356 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:07:35.0859 3356 NetDDE - ok
18:07:35.0859 3356 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
18:07:35.0906 3356 NetDDEdsdm - ok
18:07:35.0937 3356 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:35.0984 3356 Netlogon - ok
18:07:36.0015 3356 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
18:07:36.0078 3356 Netman - ok
18:07:36.0093 3356 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:07:36.0140 3356 NIC1394 - ok
18:07:36.0156 3356 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
18:07:36.0187 3356 Nla - ok
18:07:36.0187 3356 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:07:36.0234 3356 Npfs - ok
18:07:36.0296 3356 nSvcIp (c98168642b15b5ec4af116e4c30c8baf) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
18:07:36.0296 3356 nSvcIp ( UnsignedFile.Multi.Generic ) - warning
18:07:36.0296 3356 nSvcIp - detected UnsignedFile.Multi.Generic (1)
18:07:36.0312 3356 nSvcLog (381a4edac8c5d4327e27387686087a99) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
18:07:36.0328 3356 nSvcLog ( UnsignedFile.Multi.Generic ) - warning
18:07:36.0328 3356 nSvcLog - detected UnsignedFile.Multi.Generic (1)
18:07:36.0343 3356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:36.0406 3356 Ntfs - ok
18:07:36.0406 3356 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:36.0468 3356 NtLmSsp - ok
18:07:36.0484 3356 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
18:07:36.0546 3356 NtmsSvc - ok
18:07:36.0562 3356 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:07:36.0609 3356 Null - ok
18:07:36.0843 3356 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:07:37.0250 3356 nv - ok
18:07:37.0328 3356 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
18:07:37.0375 3356 nvata - ok
18:07:37.0390 3356 NVENETFD (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:07:37.0406 3356 NVENETFD - ok
18:07:37.0406 3356 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:07:37.0421 3356 nvnetbus - ok
18:07:37.0437 3356 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe
18:07:37.0437 3356 NVSvc - ok
18:07:37.0453 3356 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:07:37.0515 3356 NwlnkFlt - ok
18:07:37.0531 3356 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:07:37.0578 3356 NwlnkFwd - ok
18:07:37.0593 3356 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:07:37.0656 3356 ohci1394 - ok
18:07:37.0750 3356 OMSI download service (da345de3b450e9e1691e7b9956d8ffc3) E:\Sony\SupServ.exe
18:07:37.0765 3356 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
18:07:37.0765 3356 OMSI download service - detected UnsignedFile.Multi.Generic (1)
18:07:37.0781 3356 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
18:07:37.0843 3356 Parport - ok
18:07:37.0843 3356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:07:37.0906 3356 PartMgr - ok
18:07:37.0937 3356 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
18:07:38.0000 3356 ParVdm - ok
18:07:38.0015 3356 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
18:07:38.0078 3356 PCI - ok
18:07:38.0078 3356 PCIDump - ok
18:07:38.0109 3356 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:07:38.0171 3356 PCIIde - ok
18:07:38.0187 3356 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:07:38.0234 3356 Pcmcia - ok
18:07:38.0234 3356 PDCOMP - ok
18:07:38.0234 3356 PDFRAME - ok
18:07:38.0234 3356 PDRELI - ok
18:07:38.0250 3356 PDRFRAME - ok
18:07:38.0250 3356 perc2 - ok
18:07:38.0250 3356 perc2hib - ok
18:07:38.0265 3356 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
18:07:38.0281 3356 PlugPlay - ok
18:07:38.0312 3356 PnkBstrA (c183b7e8c4dd96af66d7ace48d2d9b05) C:\WINDOWS\system32\PnkBstrA.exe
18:07:38.0312 3356 PnkBstrA - ok
18:07:38.0312 3356 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:38.0375 3356 PolicyAgent - ok
18:07:38.0375 3356 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:07:38.0437 3356 PptpMiniport - ok
18:07:38.0453 3356 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
18:07:38.0500 3356 ProtectedStorage - ok
18:07:38.0500 3356 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:07:38.0562 3356 PSched - ok
18:07:38.0578 3356 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:07:38.0640 3356 Ptilink - ok
18:07:38.0656 3356 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:07:38.0656 3356 PxHelp20 - ok
18:07:38.0671 3356 ql1080 - ok
18:07:38.0671 3356 Ql10wnt - ok
18:07:38.0671 3356 ql12160 - ok
18:07:38.0671 3356 ql1240 - ok
18:07:38.0671 3356 ql1280 - ok
18:07:38.0703 3356 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:07:38.0750 3356 RasAcd - ok
18:07:38.0765 3356 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
18:07:38.0812 3356 RasAuto - ok
18:07:38.0812 3356 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:07:38.0859 3356 Rasl2tp - ok
18:07:38.0890 3356 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
18:07:38.0937 3356 RasMan - ok
18:07:38.0953 3356 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:07:39.0000 3356 RasPppoe - ok
18:07:39.0000 3356 Raspti
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 18:07:39.0062 3356 Raspti - ok 18:07:39.0093 3356 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 18:07:39.0156 3356 Rdbss - ok 18:07:39.0156 3356 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 18:07:39.0203 3356 RDPCDD - ok 18:07:39.0218 3356 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 18:07:39.0281 3356 rdpdr - ok 18:07:39.0312 3356 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 18:07:39.0328 3356 RDPWD - ok 18:07:39.0343 3356 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 18:07:39.0390 3356 RDSessMgr - ok 18:07:39.0406 3356 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 18:07:39.0453 3356 redbook - ok 18:07:39.0468 3356 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 18:07:39.0531 3356 RemoteAccess - ok 18:07:39.0562 3356 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll 18:07:39.0609 3356 RemoteRegistry - ok 18:07:39.0625 3356 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 18:07:39.0671 3356 RpcLocator - ok 18:07:39.0718 3356 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll 18:07:39.0734 3356 RpcSs - ok 18:07:39.0781 3356 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 18:07:39.0828 3356 RSVP - ok 18:07:39.0859 3356 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\WINDOWS\system32\DRIVERS\s0017bus.sys 18:07:39.0875 3356 s0017bus - ok 18:07:39.0875 3356 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys 18:07:39.0875 3356 s0017mdfl - ok 18:07:39.0890 3356 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys 18:07:39.0890 3356 s0017mdm - ok 18:07:39.0906 3356 s0017mgmt 
(9814e6bacc06d2526cd52981c7eeedf0) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys 18:07:39.0906 3356 s0017mgmt - ok 18:07:39.0921 3356 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys 18:07:39.0937 3356 s0017nd5 - ok 18:07:39.0953 3356 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\WINDOWS\system32\DRIVERS\s0017obex.sys 18:07:39.0953 3356 s0017obex - ok 18:07:39.0968 3356 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\WINDOWS\system32\DRIVERS\s0017unic.sys 18:07:39.0984 3356 s0017unic - ok 18:07:40.0015 3356 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys 18:07:40.0015 3356 s1018bus - ok 18:07:40.0031 3356 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys 18:07:40.0031 3356 s1018mdfl - ok 18:07:40.0046 3356 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys 18:07:40.0062 3356 s1018mdm - ok 18:07:40.0078 3356 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys 18:07:40.0125 3356 s1018mgmt - ok 18:07:40.0140 3356 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys 18:07:40.0140 3356 s1018nd5 - ok 18:07:40.0171 3356 s1018obex (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys 18:07:40.0171 3356 s1018obex - ok 18:07:40.0187 3356 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys 18:07:40.0187 3356 s1018unic - ok 18:07:40.0218 3356 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 18:07:40.0265 3356 SamSs - ok 18:07:40.0281 3356 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 18:07:40.0343 3356 SCardSvr - ok 18:07:40.0375 3356 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 18:07:40.0437 3356 Schedule - ok 18:07:40.0453 3356 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 18:07:40.0500 3356 
Secdrv - ok 18:07:40.0515 3356 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 18:07:40.0578 3356 seclogon - ok 18:07:40.0578 3356 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 18:07:40.0656 3356 SENS - ok 18:07:40.0656 3356 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 18:07:40.0718 3356 serenum - ok 18:07:40.0734 3356 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 18:07:40.0796 3356 Serial - ok 18:07:40.0812 3356 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 18:07:40.0859 3356 Sfloppy - ok 18:07:40.0890 3356 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 18:07:40.0937 3356 SharedAccess - ok 18:07:40.0968 3356 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 18:07:40.0968 3356 ShellHWDetection - ok 18:07:40.0968 3356 Simbad - ok 18:07:41.0000 3356 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 18:07:41.0046 3356 SLIP - ok 18:07:41.0203 3356 SNPSTD3 (6008db6459e53e5d734dc4236eda1bfe) C:\WINDOWS\system32\DRIVERS\snpstd3.sys 18:07:41.0453 3356 SNPSTD3 - ok 18:07:41.0500 3356 Sparrow - ok 18:07:41.0531 3356 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 18:07:41.0593 3356 splitter - ok 18:07:41.0609 3356 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 18:07:41.0640 3356 Spooler - ok 18:07:41.0671 3356 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys 18:07:41.0671 3356 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. 
md5: a80cd850d69d996c832bea37e3a6aa1e 18:07:41.0671 3356 sptd ( LockedFile.Multi.Generic ) - warning 18:07:41.0671 3356 sptd - detected LockedFile.Multi.Generic (1) 18:07:41.0671 3356 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 18:07:41.0718 3356 sr - ok 18:07:41.0750 3356 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 18:07:41.0812 3356 srservice - ok 18:07:41.0843 3356 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 18:07:41.0875 3356 Srv - ok 18:07:41.0906 3356 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 18:07:41.0953 3356 SSDPSRV - ok 18:07:41.0968 3356 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 18:07:41.0968 3356 ssmdrv - ok 18:07:42.0062 3356 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) E:\Spiele\alc120%\Alcohol 120\StarWind\StarWindServiceAE.exe 18:07:42.0062 3356 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning 18:07:42.0062 3356 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1) 18:07:42.0093 3356 Steam Client Service - ok 18:07:42.0109 3356 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 18:07:42.0203 3356 stisvc - ok 18:07:42.0218 3356 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 18:07:42.0281 3356 streamip - ok 18:07:42.0312 3356 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 18:07:42.0375 3356 swenum - ok 18:07:42.0390 3356 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 18:07:42.0437 3356 swmidi - ok 18:07:42.0453 3356 SwPrv - ok 18:07:42.0453 3356 symc810 - ok 18:07:42.0453 3356 symc8xx - ok 18:07:42.0453 3356 sym_hi - ok 18:07:42.0453 3356 sym_u3 - ok 18:07:42.0468 3356 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 18:07:42.0531 3356 sysaudio - ok 18:07:42.0546 3356 SysmonLog 
(2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 18:07:42.0593 3356 SysmonLog - ok 18:07:42.0609 3356 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 18:07:42.0671 3356 TapiSrv - ok 18:07:42.0687 3356 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys 18:07:42.0703 3356 TBPanel - ok 18:07:42.0718 3356 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 18:07:42.0734 3356 Tcpip - ok 18:07:42.0765 3356 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 18:07:42.0812 3356 TDPIPE - ok 18:07:42.0812 3356 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 18:07:42.0875 3356 TDTCP - ok 18:07:42.0890 3356 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 18:07:42.0953 3356 TermDD - ok 18:07:42.0968 3356 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 18:07:43.0031 3356 TermService - ok 18:07:43.0062 3356 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 18:07:43.0062 3356 Themes - ok 18:07:43.0093 3356 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe 18:07:43.0140 3356 TlntSvr - ok 18:07:43.0140 3356 TosIde - ok 18:07:43.0156 3356 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 18:07:43.0203 3356 TrkWks - ok 18:07:43.0218 3356 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 18:07:43.0265 3356 Udfs - ok 18:07:43.0265 3356 ultra - ok 18:07:43.0281 3356 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe 18:07:43.0312 3356 UMWdf - ok 18:07:43.0328 3356 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 18:07:43.0421 3356 Update - ok 18:07:43.0437 3356 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 18:07:43.0500 3356 upnphost - ok 18:07:43.0515 3356 UPS 
(9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 18:07:43.0562 3356 UPS - ok 18:07:43.0593 3356 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 18:07:43.0656 3356 usbaudio - ok 18:07:43.0656 3356 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 18:07:43.0734 3356 usbccgp - ok 18:07:43.0734 3356 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 18:07:43.0781 3356 usbehci - ok 18:07:43.0781 3356 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 18:07:43.0843 3356 usbhub - ok 18:07:43.0859 3356 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 18:07:43.0921 3356 usbohci - ok 18:07:43.0953 3356 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 18:07:44.0000 3356 usbprint - ok 18:07:44.0015 3356 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 18:07:44.0062 3356 USBSTOR - ok 18:07:44.0078 3356 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 18:07:44.0125 3356 VgaSave - ok 18:07:44.0125 3356 ViaIde - ok 18:07:44.0140 3356 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 18:07:44.0187 3356 VolSnap - ok 18:07:44.0203 3356 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 18:07:44.0265 3356 VSS - ok 18:07:44.0296 3356 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 18:07:44.0343 3356 W32Time - ok 18:07:44.0359 3356 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 18:07:44.0406 3356 Wanarp - ok 18:07:44.0406 3356 WDICA - ok 18:07:44.0406 3356 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 18:07:44.0468 3356 wdmaud - ok 18:07:44.0468 3356 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 18:07:44.0531 3356 WebClient - ok 
18:07:44.0578 3356 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 18:07:44.0640 3356 winmgmt - ok 18:07:44.0671 3356 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll 18:07:44.0703 3356 WmdmPmSN - ok 18:07:44.0750 3356 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll 18:07:44.0781 3356 Wmi - ok 18:07:44.0796 3356 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 18:07:44.0859 3356 WmiApSrv - ok 18:07:44.0890 3356 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys 18:07:44.0906 3356 WpdUsb - ok 18:07:44.0921 3356 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 18:07:44.0984 3356 WS2IFSL - ok 18:07:45.0000 3356 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 18:07:45.0046 3356 wscsvc - ok 18:07:45.0078 3356 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 18:07:45.0140 3356 WSTCODEC - ok 18:07:45.0156 3356 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 18:07:45.0218 3356 wuauserv - ok 18:07:45.0250 3356 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 18:07:45.0312 3356 WZCSVC - ok 18:07:45.0328 3356 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 18:07:45.0375 3356 xmlprov - ok 18:07:45.0390 3356 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 18:07:45.0640 3356 \Device\Harddisk0\DR0 - ok 18:07:45.0640 3356 Boot (0x1200) (b9752de22e1d9d07881d4462226dde0f) \Device\Harddisk0\DR0\Partition0 18:07:45.0640 3356 \Device\Harddisk0\DR0\Partition0 - ok 18:07:45.0640 3356 Boot (0x1200) (9d5128446daca063f3d79966bccb640d) \Device\Harddisk0\DR0\Partition1 18:07:45.0656 3356 \Device\Harddisk0\DR0\Partition1 - ok 18:07:45.0656 3356 ============================================================ 18:07:45.0656 3356 Scan finished 18:07:45.0656 3356 
============================================================
18:07:45.0781 0508 Detected object count: 8
18:07:45.0781 0508 Actual detected object count: 8
18:08:05.0640 0508 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 ForceWare Intelligent Application Manager (IAM) ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 ForcewareWebInterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 nSvcIp ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 nSvcIp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 nSvcLog ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 nSvcLog ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:08:05.0640 0508 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:05.0640 0508 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

So, hopefully I did everything right. Unfortunately it found quite a few things. Kind regards |
30.07.2012, 20:16 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Trash.Gen Trojan found again by Avira Then please run CF now: (download combofix.exe fresh!!) ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when an expert helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
03.08.2012, 19:39 | #23 |
| TR/Trash.Gen Trojan found again by Avira Hello! Here is the log from CF Code:
ComboFix 12-07-31.06 - ZahalFighter 03.08.2012 20:34:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2046.1615 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\ZahalFighter\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
2008-05-07 09:07 135168 c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe + 2012-07-16 22:34 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll + 2012-07-16 22:34 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2567680\update\update.exe + 2012-07-16 22:34 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2567680\spuninst.exe + 2011-06-20 17:43 . 2011-06-20 17:43 293888 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll + 2012-07-25 16:34 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2508429\update\updspapi.dll + 2012-07-25 16:34 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2508429\update\update.exe + 2012-07-25 16:34 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2508429\spuninst.exe + 2011-02-17 13:19 . 2011-02-17 13:19 357888 c:\windows\$hf_mig$\KB2508429\SP3QFE\srv.sys + 2012-07-26 16:18 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll + 2012-07-26 16:18 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2507938\update\update.exe + 2012-07-26 16:18 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2507938\spuninst.exe + 2011-04-26 11:02 . 2011-04-26 11:02 293888 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll + 2012-07-06 08:03 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2506212\update\updspapi.dll + 2012-07-06 08:03 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2506212\update\update.exe + 2012-07-06 08:03 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2506212\spuninst.exe + 2011-02-08 13:32 . 2011-02-08 13:32 974848 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42u.dll + 2011-02-08 13:32 . 2011-02-08 13:32 978944 c:\windows\$hf_mig$\KB2506212\SP3QFE\mfc42.dll + 2012-07-10 22:29 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll + 2012-07-10 22:29 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2481109\update\update.exe + 2012-07-10 22:29 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2481109\spuninst.exe + 2011-01-27 11:41 . 
2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe + 2011-02-02 07:57 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll + 2012-07-16 22:35 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll + 2012-07-16 22:35 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2479943\update\update.exe + 2012-07-16 22:35 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2479943\spuninst.exe + 2011-02-09 13:52 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll + 2011-02-09 13:52 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll + 2012-07-26 16:18 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll + 2012-07-26 16:18 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2478971\update\update.exe + 2012-07-26 16:18 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2478971\spuninst.exe + 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll + 2012-07-09 22:48 . 2010-07-05 13:14 388984 c:\windows\$hf_mig$\KB2476490\update\updspapi.dll + 2012-07-09 22:48 . 2010-07-05 13:14 765304 c:\windows\$hf_mig$\KB2476490\update\update.exe + 2012-07-09 22:48 . 2010-07-05 13:14 234872 c:\windows\$hf_mig$\KB2476490\spuninst.exe + 2010-12-20 17:30 . 2010-12-20 17:30 552448 c:\windows\$hf_mig$\KB2476490\SP3QFE\oleaut32.dll + 2012-07-10 22:30 . 2010-02-22 14:22 388984 c:\windows\$hf_mig$\KB2443105\update\updspapi.dll + 2012-07-10 22:30 . 2010-02-22 14:22 765304 c:\windows\$hf_mig$\KB2443105\update\update.exe + 2012-07-10 22:30 . 2010-02-22 14:22 234872 c:\windows\$hf_mig$\KB2443105\spuninst.exe + 2012-07-26 16:18 . 2010-02-22 14:22 388984 c:\windows\$hf_mig$\KB2345886\update\updspapi.dll + 2012-07-26 16:18 . 2010-02-22 14:22 765304 c:\windows\$hf_mig$\KB2345886\update\update.exe + 2012-07-26 16:18 . 2010-02-22 14:22 234872 c:\windows\$hf_mig$\KB2345886\spuninst.exe + 2010-08-26 13:37 . 
2010-08-26 13:37 357248 c:\windows\$hf_mig$\KB2345886\SP3QFE\srv.sys + 2004-08-04 12:00 . 2010-07-16 12:05 1288192 c:\windows\system32\ole32.dll + 2009-11-13 21:55 . 2011-02-02 07:58 2067456 c:\windows\system32\mstscax.dll + 2010-07-16 12:05 . 2010-07-16 12:05 1288192 c:\windows\system32\dllcache\ole32.dll + 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll + 2010-07-16 12:03 . 2010-07-16 12:03 1289216 c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll + 2009-11-27 17:23 . 2009-11-27 17:23 1297408 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll + 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\ZahalFighter\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\ZahalFighter\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\ZahalFighter\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\dokumente und einstellungen\ZahalFighter\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792] "Gainward"="c:\windows\TBPanel.exe" [2008-01-29 2177576] "nTrayFw"="c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352] "nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-09-04 11:08 935288 ----a-r- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-10-03 03:08 35696 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2009-09-30 16:28 203928 ----a-w- e:\spiele\alc120%\Alcohol 120\AxCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] 2012-05-08 21:25 348624 ----a-w- c:\programme\Avira\AntiVir Desktop\avgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core] 2008-07-21 12:07 2752512 ----a-w- c:\programme\Electronic Arts\EADM\Core.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2008-01-03 14:26 1626112 ----a-w- c:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\programme\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel] 2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3] 2006-09-18 13:12 843776 ----a-w- c:\windows\vsnpstd3.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-11-20 08:17 434176 ----a-w- e:\sony\SEPCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2012-01-16 17:02 1242448 ----a-w- e:\spiele\steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3] 2007-03-30 16:44 262144 ----a-w- c:\windows\tsnpstd3.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "e:\\ICQ_Data\\ICQ7M\\ICQ.exe"= "e:\\Spiele\\World_of_Tanks\\WorldOfTanks.exe"= "e:\\Spiele\\World_of_Tanks\\WOTLauncher.exe"= . R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.11.2011 01:50 722416] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17.04.2012 23:34 36000] R2 AntiVirSchedulerService;Avira Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [17.04.2012 23:34 86224] R2 HitmanProScheduler;HitmanPro Scheduler;c:\programme\HitmanPro\hmpsched.exe [30.06.2012 01:25 105832] S2 OMSI download service;Sony Ericsson OMSI download service;e:\sony\SupServ.exe [03.05.2012 08:53 90112] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28.06.2012 20:30 22344] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [01.05.2012 17:22 113120] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [03.05.2012 08:53 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [03.05.2012 08:53 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [03.05.2012 08:53 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [03.05.2012 08:53 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [03.05.2012 08:53 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [03.05.2012 08:53 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [03.05.2012 08:53 109736] S3 s1018bus;Sony Ericsson Device 1018 driver 
(WDM);c:\windows\system32\drivers\s1018bus.sys [03.05.2012 08:53 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [03.05.2012 08:53 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [03.05.2012 08:53 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [03.05.2012 08:53 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [03.05.2012 08:53 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [03.05.2012 08:53 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [03.05.2012 08:53 109864] S4 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [28.06.2012 20:30 655944] . . ------- Zusätzlicher Suchlauf ------- . IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - e:\icq_data\ICQ7M\ICQ.exe LSP: %SYSTEMROOT%\system32\nvappfilter.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\dokumente und einstellungen\ZahalFighter\Anwendungsdaten\Mozilla\Firefox\Profiles\769e3lxv.default\ FF - prefs.js: browser.startup.homepage - about:blank . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-08-03 20:36 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-436374069-1757981266-839522115-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:23,1c,6c,89,e4,93,49,d8,3b,f3,0c,74,9a,f3,f5,bb,fb,d2,70,5c,e4,0d,0a, 9d,4d,cc,d1,ef,a0,8a,3e,6b,ef,f9,12,a2,85,51,ce,82,c3,76,0f,52,75,c6,70,cb,\ "??"=hex:2f,b6,6f,45,ee,e2,ec,0a,29,d5,69,d3,55,fd,2c,18 . [HKEY_USERS\S-1-5-21-436374069-1757981266-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:8c,dc,fb,b1,50,00,92,a9,42,10,4f,fe,c2,18,e1,47,63,ff,1a,90,e3, 71,ba,b2,40,fe,0f,ad,c0,39,ab,61,79,cc,e5,d0,05,89,2a,13,55,d0,68,f0,d9,86,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(792) c:\windows\system32\nvappfilter.dll . - - - - - - - > 'explorer.exe'(1488) c:\dokumente und einstellungen\ZahalFighter\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll . Zeit der Fertigstellung: 2012-08-03 20:37:41 ComboFix-quarantined-files.txt 2012-08-03 18:37 . Vor Suchlauf: 7 Verzeichnis(se), 187.295.649.792 Bytes frei Nach Suchlauf: 8 Verzeichnis(se), 187.286.822.912 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - CE126E657099C80DA0BD0048F8F1684F
Regards and many thanks, SF |
03.08.2012, 21:01 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Trash.Gen Trojan found again by Avira Please now create and post logs with GMER and OSAM. GMER crashes quite often; if the tool refuses to run even on the 2nd attempt, just skip it and run only OSAM - please skip the online check in OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also make absolutely sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
04.08.2012, 18:08 | #25 |
| TR/Trash.Gen Trojan found again by Avira Hi... I hope I did everything right. Gmer: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-04 18:14:44 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000006a SAMSUNG_HD322HJ rev.1AC01118 Running: gml8d4nr.exe; Driver: C:\DOKUME~1\ZAHALF~1\LOKALE~1\Temp\uwroiaoc.sys ---- System - GMER 1.0.15 ---- SSDT spqz.sys ZwCreateKey [0xB7EA70E0] SSDT ADBCA01C ZwCreateThread SSDT spqz.sys ZwEnumerateKey [0xB7EC5DA4] SSDT spqz.sys ZwEnumerateValueKey [0xB7EC6132] SSDT spqz.sys ZwOpenKey [0xB7EA70C0] SSDT ADBCA008 ZwOpenProcess SSDT ADBCA00D ZwOpenThread SSDT spqz.sys ZwQueryKey [0xB7EC620A] SSDT spqz.sys ZwQueryValueKey [0xB7EC608A] SSDT spqz.sys ZwSetValueKey [0xB7EC629C] INT 0x62 ? 8A6A1BF8 INT 0x63 ? 8A714BF8 INT 0x73 ? 8A714BF8 INT 0x94 ? 8A3F1BF8 INT 0xB4 ? 8A6A4BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spqz.sys Das System kann die angegebene Datei nicht finden. ! .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB57D83C0, 0x95B7EA, 0xE8000020] .text USBPORT.SYS!DllUnload B57A48AC 5 Bytes JMP 8A3F11D8 .text au1duee0.SYS A94A0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text au1duee0.SYS A94A03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text au1duee0.SYS A94A03C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text au1duee0.SYS A94A03C9 1 Byte [2E] .text au1duee0.SYS A94A03C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL} .text ... 
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spqz.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spqz.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spqz.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spqz.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spqz.sys IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!KfLowerIrql] 8BEC8B55 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!HalGetInterruptVector] 00C73445 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!HalTranslateBusAddress] 00000000 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!READ_PORT_USHORT] 57B80974 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5 IAT \SystemRoot\System32\Drivers\au1duee0.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D IAT \SystemRoot\System32\Drivers\au1duee0.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A69F1F8 Device \Driver\usbohci \Device\USBPDO-0 8A3F01F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7151F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A7151F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A7151F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A7151F8 Device \Driver\usbehci \Device\USBPDO-1 8A3E31F8 Device 
\Driver\PCI_PNP8334 \Device\00000047 spqz.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6A21F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6A21F8 Device \Driver\Cdrom \Device\CdRom0 8A3D61F8 Device \Driver\atapi \Device\Ide\IdePort0 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7DFAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A3D61F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 897DB1F8 Device \Driver\NetBT \Device\NetbiosSmb 897DB1F8 Device \Driver\nvata \Device\0000006a 8A7141F8 Device \Driver\usbohci \Device\USBFDO-0 8A3F01F8 Device \Driver\nvata \Device\NvAta0 8A7141F8 Device \Driver\usbehci \Device\USBFDO-1 8A3E31F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897D41F8 Device \Driver\nvata \Device\NvAta1 8A7141F8 Device \Driver\sptd \Device\2345323334 spqz.sys Device \FileSystem\MRxSmb \Device\LanmanRedirector 897D41F8 Device \Driver\Ftdisk \Device\FtControl 8A6A21F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{1F06834F-A655-46CC-A878-8FD8DC1C9817} 897DB1F8 Device \Driver\au1duee0 \Device\Scsi\au1duee01Port5Path0Target0Lun0 8A2D3370 Device \Driver\au1duee0 \Device\Scsi\au1duee01 8A2D3370 Device \Driver\JRAID \Device\Scsi\JRAID1 8A6A01F8 Device \FileSystem\Cdfs \Cdfs 897D81F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 
E:\Spiele\alc120%\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x0E 0x5D 0x3D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0xE6 0x3D 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x34 0xAE 0xA5 0x55 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 E:\Spiele\alc120%\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5B 0x0E 0x5D 0x3D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xA8 0xE6 0x3D 0xE8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x34 0xAE 0xA5 0x55 ... ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:38:14 on 04.08.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a9ta00zb" (a9ta00zb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a9ta00zb.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPANEL.SYS "catchme" (catchme) - ? 
- C:\DOKUME~1\ZAHALF~1\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPanel.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7M" - "ICQ, LLC." - E:\ICQ_Data\ICQ7M\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\ZahalFighter\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Gainward" - "Gainward Co." - C:\WINDOWS\TBPanel.exe /A
"JMB36X Configure" - "JMicron Technology Corp." - C:\WINDOWS\system32\JMRaidSetup.exe boot
"JMB36X IDE Setup" - ? - C:\WINDOWS\JM\JMInsIDE.exe (File found, but it contains no detailed information)
"nTrayFw" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"ForceWare Intelligent Application Manager (IAM)" (ForceWare Intelligent Application Manager (IAM)) - ? - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
"ForceWare IP service" (nSvcIp) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
"ForceWare user log service" (nSvcLog) - "NVIDIA" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
"Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
"HitmanPro Scheduler" (HitmanProScheduler) - "SurfRight B.V." - C:\Programme\HitmanPro\hmpsched.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Sony Ericsson OMSI download service" (OMSI download service) - ? - E:\Sony\SupServ.exe (File found, but it contains no detailed information)
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - E:\Spiele\alc120%\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Service Pack Installer update service" (spupdsvc) - "Microsoft Corporation" - C:\WINDOWS\system32\spupdsvc.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"NVIDIA App Filter" - "NVIDIA" - C:\WINDOWS\system32\nvappfilter.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 18:40:02
-----------------------------
18:40:02.187 OS Version: Windows 5.1.2600 Service Pack 3
18:40:02.187 Number of processors: 2 586 0x1706
18:40:02.187 ComputerName: KNUSPERKNUT UserName:
18:40:02.406 Initialize success
18:40:53.515 AVAST engine defs: 12080400
18:54:22.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
18:54:22.968 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01118 Size: 305245MB BusType: 3
18:54:22.968 Device \Driver\nvata -> MajorFunction 8a7531f8
18:54:22.984 Disk 0 MBR read successfully
18:54:22.984 Disk 0 MBR scan
18:54:23.046 Disk 0 Windows XP default MBR code
18:54:23.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199996 MB offset 63
18:54:23.062 Disk 0 Partition - 00 0F Extended LBA 105246 MB offset 409593240
18:54:23.078 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 105246 MB offset 409593303
18:54:23.078 Disk 0 scanning sectors +625137345
18:54:23.140 Disk 0 scanning C:\WINDOWS\system32\drivers
18:54:32.640 Service scanning
18:54:39.218 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:54:41.125 Modules scanning
18:54:43.593 Disk 0 trace - called modules:
18:54:43.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7531f8]<<
18:54:43.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6a8ab8]
18:54:43.609 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a6a6ac0]
18:54:43.609 5 ACPI.sys[b7e65620] -> nt!IofCallDriver -> \Device\0000006a[0x8a603030]
18:54:43.609 \Driver\nvata[0x8a5d8a60] -> IRP_MJ_CREATE -> 0x8a7531f8
18:54:43.750 AVAST engine scan C:\WINDOWS
18:54:57.531 AVAST engine scan C:\WINDOWS\system32
18:56:57.390 AVAST engine scan C:\WINDOWS\system32\drivers
18:57:04.343 AVAST engine scan C:\Dokumente und Einstellungen\ZahalFighter
18:59:13.093 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:59:29.984 Scan finished successfully
19:05:10.015 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\ZahalFighter\Desktop\MBR.dat"
19:05:10.031 The log file has been saved successfully to "C:\Dokumente und Einstellungen\ZahalFighter\Desktop\aswMBR.txt"
Regards and many thanks |
04.08.2012, 19:12 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Trash.Gen Trojan found again by Avira Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
05.08.2012, 15:20 | #27 |
| TR/Trash.Gen Trojan found again by Avira Hello! Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ZahalFighter :: KNUSPERKNUT [Administrator]

05.08.2012 14:46:35
mbam-log-2012-08-05 (14-46-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 258274
Laufzeit: 33 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/05/2012 at 04:17 PM

Application Version : 5.5.1012

Core Rules Database Version : 9012
Trace Rules Database Version: 6824

Scan type : Complete Scan
Total Scan Time : 00:40:10

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 538
Memory threats detected : 0
Registry items scanned : 33023
Registry threats detected : 0
File items scanned : 66145
File threats detected : 30

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@ad4.adfarm1.adition[2].txt [ /ad4.adfarm1.adition ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@eyewonder[1].txt [ /eyewonder ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@tracking.mindshare[2].txt [ /tracking.mindshare ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@unitymedia[1].txt [ /unitymedia ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@zanox-affiliate[1].txt [ /zanox-affiliate ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@zbox.zanox[2].txt [ /zbox.zanox ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA0305S3.txt [ /adfarm1.adition.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA0DARKH.txt [ /dyntracker.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAJTT3DV.txt [ /adformdsp.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA6QQGNM.txt [ /tracking.quisma.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA81Z9LY.txt [ /apmebf.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAMNE3QT.txt [ /openstat.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAPHR76K.txt [ /adform.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@cgi-bin[2].txt [ /imrworldwide.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA09UDZK.txt [ /zanox.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA0P2R4H.txt [ /doubleclick.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAO1E709.txt [ /mediaplex.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAC5W0OX.txt [ /webmasterplan.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAO8ZJAI.txt [ /ads.creative-serving.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAK1EVOP.txt [ /smartadserver.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAK7PRYM.txt [ /server.adformdsp.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAWPANKT.txt [ /serving-sys.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA4L9DJ8.txt [ /ad2.adfarm1.adition.com ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CAUL4BSH.txt [ /tracking.mlsat02.de ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA6FH065.txt [ /server.adform.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA18J6VD.txt [ /track.adform.net ]
	C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA6Z17PI.txt [ /ad1.adfarm1.adition.com ]

Trojan.Agent/Gen-Nullo[Short]
	E:\SYSTEM VOLUME INFORMATION\_RESTORE{7829A386-96FD-4F22-907D-626FF8A9B70D}\RP200\A0066773.EXE
Regards, SF |
05.08.2012, 16:39 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Trash.Gen Trojan found again by Avira Looks OK, only cookies were found - and a leftover in System Restore; all of it can go. Cookies are not malware as such, but there is a risk of their being misused (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie). Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Apart from that there are good cookie managers; as a Firefox extension there is CookieCuller, for example: http://filepony.de/download-cookie_culler/ But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), just set the browser so that everything, including cookies, is deleted when the browser is closed. My own approach is to use the Opera browser or Chromium on my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left. Is your system OK again now, or are there other detections or problems?
__________________ Please always post logfiles in CODE tags |
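The hosts-file approach recommended in the post above, worked through as an added example (this is not code from the thread, from SUPERAntiSpyware or from MVPS): it pulls the tracked domains out of the "Adware.Tracking Cookie" section of a SUPERAntiSpyware log, renders them as MVPS-style `0.0.0.0` entries, and checks which of them an existing hosts file already covers. The log and hosts excerpts are constructed samples (domains taken from the scan posted above, file names partly invented), and all function names are mine. The `uncovered` check also shows the caveat a hosts file carries: it matches exact hostnames only, so an entry for `adform.net` does nothing for `track.adform.net`.

```python
"""Turn SUPERAntiSpyware tracking-cookie findings into hosts-file block lines
and report which of them an existing hosts file does not yet cover.

Added example for this thread; not code from SUPERAntiSpyware, MVPS or the
Trojaner-Board. Function names and the sample inputs are my own.
"""
import re
from typing import List, Set

# Constructed sample in the layout of the SAS log posted above (domains taken
# from that log; the "zahalfighter@doubleclick" file name is invented to show
# de-duplication). Section headers start at column 0, entries are indented.
SAS_SAMPLE = r"""
File threats detected : 6

Adware.Tracking Cookie
    C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
    C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA0P2R4H.txt [ /doubleclick.net ]
    C:\Dokumente und Einstellungen\ZahalFighter\Cookies\zahalfighter@doubleclick[1].txt [ /doubleclick.net ]
    C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA6Z17PI.txt [ /ad1.adfarm1.adition.com ]
    C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA6FH065.txt [ /server.adform.net ]
    C:\Dokumente und Einstellungen\ZahalFighter\Cookies\CA18J6VD.txt [ /track.adform.net ]

Trojan.Agent/Gen-Nullo[Short]
    E:\SYSTEM VOLUME INFORMATION\_RESTORE{7829A386-96FD-4F22-907D-626FF8A9B70D}\RP200\A0066773.EXE
"""

# Constructed hosts-file excerpt; the real MVPS file is far longer.
HOSTS_SAMPLE = """
127.0.0.1 localhost
0.0.0.0 doubleclick.net           # ad network
0.0.0.0 adform.net server.adform.net
"""

# One indented cookie entry: <path>.txt [ /<domain> ]
COOKIE_ENTRY = re.compile(
    r"^\s+(?P<path>[A-Za-z]:\\.+?\.txt)\s+\[\s*/(?P<domain>[^\s\]]+)\s*\]\s*$"
)
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}


def tracking_domains(sas_log: str) -> List[str]:
    """Sorted, de-duplicated domains from the 'Adware.Tracking Cookie' section."""
    found: Set[str] = set()
    in_cookie_section = False
    for line in sas_log.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # A non-indented line is a section header or a summary line.
            in_cookie_section = line.strip().startswith("Adware.Tracking Cookie")
            continue
        if in_cookie_section:
            m = COOKIE_ENTRY.match(line)
            if m:
                found.add(m.group("domain").lower())
    return sorted(found)


def hosts_lines(domains: List[str], sink: str = "0.0.0.0") -> List[str]:
    """Render hosts-file lines in the MVPS style (0.0.0.0 as the sinkhole)."""
    return [f"{sink} {d}" for d in domains]


def parse_hosts(hosts_text: str) -> Set[str]:
    """Every hostname the hosts file maps to a sinkhole address, minus localhost.
    Handles comments and several hostnames on one line."""
    blocked: Set[str] = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            blocked.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return blocked


def is_blocked(hostname: str, blocked: Set[str]) -> bool:
    """Hosts files match exact names only: an entry for adform.net does not
    cover track.adform.net, so there is deliberately no parent-domain walk."""
    return hostname.lower() in blocked


def uncovered(domains: List[str], hosts_text: str) -> List[str]:
    """Domains from the scan that the given hosts file does not yet block."""
    blocked = parse_hosts(hosts_text)
    return [d for d in domains if not is_blocked(d, blocked)]


if __name__ == "__main__":
    doms = tracking_domains(SAS_SAMPLE)
    print("\n".join(hosts_lines(doms)))
    print("not yet covered:", uncovered(doms, HOSTS_SAMPLE))
```

Running it against the samples lists five hosts lines and reports `ad1.adfarm1.adition.com`, `ad3.adfarm1.adition` and `track.adform.net` as not covered; the last one is the exact-match caveat in action, since the sample hosts file blocks `adform.net` and `server.adform.net` but not that subdomain. Entries such as `/ad3.adfarm1.adition`, where the IE cookie file name has no top-level domain, should be checked by hand before they go into a hosts file.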
06.08.2012, 21:55 | #29 |
| TR/Trash.Gen Trojan found again by Avira I can't find anything negative. I can only thank you a thousand times!! I hope I can do without your help from now on. Regards, SF |
07.08.2012, 20:59 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Trash.Gen Trojan found again by Avira Then we're done! The programs that were used here can all be removed again. With OTL you can also remove many of the tools: start OTL and click Cleanup (Bereinigung). This removes most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide is below. To keep a better overview of how current your installed programs are, you can use Secunia PSI, for example. For even more security you should also change all passwords, if possible, now that the infection has been removed.

Microsoft Update
Windows XP: visit the MS Update page with IE and have all important updates installed. Windows Vista/7: Windows Update guide (Anleitung Windows-Update).

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old Adobe Reader versions via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you're at it, please also check that the Flash Player is up to date: check => Adobe - Flash Player; download links => Adobe Flash Player Distribution | Adobe. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |