
Pests of all kinds and how to combat them: Avira finds "BOO/Whistler.A" in master boot sector HD0, boot sector 'C:\', cannot be removed

06.08.2012, 12:44   #1
v2k
 

Yep, 'cure' did it.

Code:
13:32:18.0531 2064	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:32:19.0046 2064	============================================================
13:32:19.0046 2064	Current date / time: 2012/08/06 13:32:19.0046
13:32:19.0046 2064	SystemInfo:
13:32:19.0046 2064	
13:32:19.0078 2064	OS Version: 5.1.2600 ServicePack: 3.0
13:32:19.0078 2064	Product type: Workstation
13:32:19.0078 2064	ComputerName: ANDREAS-IE3OGLJ
13:32:19.0078 2064	UserName: Andreas
13:32:19.0078 2064	Windows directory: C:\WINDOWS
13:32:19.0078 2064	System windows directory: C:\WINDOWS
13:32:19.0078 2064	Processor architecture: Intel x86
13:32:19.0078 2064	Number of processors: 1
13:32:19.0078 2064	Page size: 0x1000
13:32:19.0078 2064	Boot type: Normal boot
13:32:19.0078 2064	============================================================
13:32:21.0328 2064	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:32:21.0531 2064	Drive \Device\Harddisk1\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:21.0531 2064	============================================================
13:32:21.0531 2064	\Device\Harddisk0\DR0:
13:32:21.0546 2064	MBR partitions:
13:32:21.0546 2064	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
13:32:21.0546 2064	\Device\Harddisk1\DR2:
13:32:21.0546 2064	MBR partitions:
13:32:21.0546 2064	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
13:32:21.0546 2064	============================================================
13:32:21.0640 2064	C: <-> \Device\Harddisk0\DR0\Partition0
13:32:21.0671 2064	E: <-> \Device\Harddisk1\DR2\Partition0
13:32:21.0718 2064	============================================================
13:32:21.0718 2064	Initialize success
13:32:21.0718 2064	============================================================
13:32:51.0453 1784	============================================================
13:32:51.0453 1784	Scan started
13:32:51.0453 1784	Mode: Manual; SigCheck; TDLFS; 
13:32:51.0453 1784	============================================================
13:32:52.0015 1784	Abiosdsk - ok
13:32:52.0015 1784	abp480n5 - ok
13:32:52.0078 1784	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:32:54.0046 1784	ACPI - ok
13:32:54.0078 1784	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:32:54.0250 1784	ACPIEC - ok
13:32:54.0265 1784	adpu160m - ok
13:32:54.0328 1784	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:32:54.0468 1784	aec - ok
13:32:54.0500 1784	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:32:54.0546 1784	AFD - ok
13:32:54.0562 1784	Aha154x - ok
13:32:54.0578 1784	aic78u2 - ok
13:32:54.0593 1784	aic78xx - ok
13:32:54.0718 1784	ALCXWDM         (8eaa98894a004a47964dcd84f57493c1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:32:55.0000 1784	ALCXWDM - ok
13:32:55.0078 1784	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:32:55.0281 1784	Alerter - ok
13:32:55.0328 1784	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:32:55.0468 1784	ALG - ok
13:32:55.0468 1784	AliIde - ok
13:32:55.0484 1784	amsint - ok
13:32:55.0546 1784	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:32:55.0593 1784	AntiVirSchedulerService - ok
13:32:55.0640 1784	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:32:55.0656 1784	AntiVirService - ok
13:32:55.0687 1784	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
13:32:55.0843 1784	AppMgmt - ok
13:32:55.0859 1784	asc - ok
13:32:55.0859 1784	asc3350p - ok
13:32:55.0875 1784	asc3550 - ok
13:32:55.0937 1784	ASPI            (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
13:32:55.0953 1784	ASPI ( UnsignedFile.Multi.Generic ) - warning
13:32:55.0953 1784	ASPI - detected UnsignedFile.Multi.Generic (1)
13:32:56.0031 1784	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:32:56.0109 1784	aspnet_state - ok
13:32:56.0140 1784	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:32:56.0281 1784	AsyncMac - ok
13:32:56.0312 1784	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:32:56.0453 1784	atapi - ok
13:32:56.0468 1784	Atdisk - ok
13:32:56.0484 1784	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:32:56.0625 1784	Atmarpc - ok
13:32:56.0640 1784	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:32:56.0781 1784	AudioSrv - ok
13:32:56.0796 1784	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:32:56.0968 1784	audstub - ok
13:32:56.0984 1784	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:32:57.0375 1784	avgntflt - ok
13:32:57.0421 1784	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:32:57.0437 1784	avipbb - ok
13:32:57.0468 1784	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:32:57.0468 1784	avkmgr - ok
13:32:57.0515 1784	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:32:57.0671 1784	Beep - ok
13:32:57.0718 1784	BIOS            (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\System32\drivers\BIOS.sys
13:32:57.0734 1784	BIOS ( UnsignedFile.Multi.Generic ) - warning
13:32:57.0734 1784	BIOS - detected UnsignedFile.Multi.Generic (1)
13:32:57.0781 1784	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\System32\qmgr.dll
13:32:58.0000 1784	BITS - ok
13:32:58.0015 1784	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:32:58.0140 1784	Browser - ok
13:32:58.0171 1784	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:32:58.0359 1784	cbidf2k - ok
13:32:58.0359 1784	cd20xrnt - ok
13:32:58.0390 1784	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:32:58.0562 1784	Cdaudio - ok
13:32:58.0593 1784	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:32:58.0718 1784	Cdfs - ok
13:32:58.0750 1784	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:32:58.0875 1784	Cdrom - ok
13:32:58.0890 1784	Changer - ok
13:32:58.0906 1784	cisvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\System32\cisvc.exe
13:32:59.0031 1784	cisvc - ok
13:32:59.0062 1784	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:32:59.0203 1784	ClipSrv - ok
13:32:59.0234 1784	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:59.0390 1784	clr_optimization_v2.0.50727_32 - ok
13:32:59.0390 1784	CmdIde - ok
13:32:59.0406 1784	COMSysApp - ok
13:32:59.0421 1784	Cpqarray - ok
13:32:59.0453 1784	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:32:59.0578 1784	CryptSvc - ok
13:32:59.0578 1784	dac2w2k - ok
13:32:59.0609 1784	dac960nt - ok
13:32:59.0687 1784	dbustrcm - ok
13:32:59.0750 1784	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:32:59.0937 1784	DcomLaunch - ok
13:33:00.0015 1784	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:33:00.0203 1784	Dhcp - ok
13:33:00.0296 1784	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:33:00.0421 1784	Disk - ok
13:33:00.0437 1784	dmadmin - ok
13:33:00.0531 1784	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:33:00.0718 1784	dmboot - ok
13:33:00.0750 1784	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:33:00.0890 1784	dmio - ok
13:33:00.0937 1784	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:33:01.0109 1784	dmload - ok
13:33:01.0140 1784	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:33:01.0281 1784	dmserver - ok
13:33:01.0296 1784	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:33:01.0437 1784	DMusic - ok
13:33:01.0484 1784	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:33:01.0562 1784	Dnscache - ok
13:33:01.0593 1784	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:33:01.0734 1784	Dot3svc - ok
13:33:01.0734 1784	dpti2o - ok
13:33:01.0781 1784	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:33:01.0890 1784	drmkaud - ok
13:33:01.0921 1784	dtsoftbus01     (16c5891c6d1fa0b5d9014f85a482eb20) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
13:33:01.0953 1784	dtsoftbus01 - ok
13:33:01.0984 1784	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:33:02.0125 1784	EapHost - ok
13:33:02.0156 1784	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:33:02.0296 1784	ERSvc - ok
13:33:02.0343 1784	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:33:02.0390 1784	Eventlog - ok
13:33:02.0406 1784	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\System32\es.dll
13:33:02.0437 1784	EventSystem - ok
13:33:02.0468 1784	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:33:02.0609 1784	Fastfat - ok
13:33:02.0640 1784	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:33:02.0703 1784	FastUserSwitchingCompatibility - ok
13:33:02.0718 1784	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:33:02.0843 1784	Fdc - ok
13:33:02.0890 1784	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:33:03.0000 1784	Fips - ok
13:33:03.0015 1784	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:33:03.0187 1784	Flpydisk - ok
13:33:03.0250 1784	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:33:03.0406 1784	FltMgr - ok
13:33:03.0500 1784	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:33:03.0515 1784	FontCache3.0.0.0 - ok
13:33:03.0546 1784	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:33:03.0718 1784	Fs_Rec - ok
13:33:03.0765 1784	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:33:03.0953 1784	Ftdisk - ok
13:33:03.0968 1784	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:33:04.0125 1784	Gpc - ok
13:33:04.0250 1784	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:33:04.0265 1784	gupdate - ok
13:33:04.0296 1784	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
13:33:04.0312 1784	gupdatem - ok
13:33:04.0359 1784	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:33:04.0484 1784	helpsvc - ok
13:33:04.0484 1784	HidServ - ok
13:33:04.0500 1784	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:33:04.0640 1784	HidUsb - ok
13:33:04.0703 1784	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:33:04.0875 1784	hkmsvc - ok
13:33:04.0875 1784	hpn - ok
13:33:04.0890 1784	hpt3xx - ok
13:33:04.0984 1784	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:33:05.0062 1784	HTTP - ok
13:33:05.0125 1784	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:33:05.0281 1784	HTTPFilter - ok
13:33:05.0281 1784	i2omgmt - ok
13:33:05.0296 1784	i2omp - ok
13:33:05.0359 1784	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:33:05.0484 1784	i8042prt - ok
13:33:05.0562 1784	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:33:05.0625 1784	idsvc - ok
13:33:05.0656 1784	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:33:05.0765 1784	Imapi - ok
13:33:05.0796 1784	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\System32\imapi.exe
13:33:05.0937 1784	ImapiService - ok
13:33:05.0937 1784	ini910u - ok
13:33:05.0968 1784	IntelIde - ok
13:33:06.0015 1784	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:33:06.0140 1784	ip6fw - ok
13:33:06.0171 1784	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:33:06.0343 1784	IpFilterDriver - ok
13:33:06.0375 1784	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:33:06.0500 1784	IpInIp - ok
13:33:06.0531 1784	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:33:06.0671 1784	IpNat - ok
13:33:06.0687 1784	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:33:06.0812 1784	IPSec - ok
13:33:06.0859 1784	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
13:33:06.0984 1784	irda - ok
13:33:07.0015 1784	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:33:07.0156 1784	IRENUM - ok
13:33:07.0187 1784	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) C:\WINDOWS\System32\irmon.dll
13:33:07.0296 1784	Irmon - ok
13:33:07.0343 1784	IrUSB           (198f123f95f7fd86d8d5c8ca90e79d8a) C:\WINDOWS\system32\DRIVERS\IrUSB.sys
13:33:07.0359 1784	IrUSB ( UnsignedFile.Multi.Generic ) - warning
13:33:07.0359 1784	IrUSB - detected UnsignedFile.Multi.Generic (1)
13:33:07.0421 1784	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:33:07.0546 1784	isapnp - ok
13:33:07.0656 1784	JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Programme\Java\jre6\bin\jqs.exe
13:33:07.0671 1784	JavaQuickStarterService - ok
13:33:07.0703 1784	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:33:07.0828 1784	Kbdclass - ok
13:33:07.0875 1784	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:33:08.0000 1784	kmixer - ok
13:33:08.0015 1784	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:33:08.0109 1784	KSecDD - ok
13:33:08.0156 1784	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:33:08.0203 1784	lanmanserver - ok
13:33:08.0265 1784	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:33:08.0312 1784	lanmanworkstation - ok
13:33:08.0312 1784	lbrtfdc - ok
13:33:08.0359 1784	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:33:08.0500 1784	LmHosts - ok
13:33:08.0515 1784	MBAMProtector - ok
13:33:08.0578 1784	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
13:33:08.0640 1784	MBAMService - ok
13:33:08.0687 1784	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:33:08.0796 1784	Messenger - ok
13:33:08.0828 1784	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:33:09.0031 1784	mnmdd - ok
13:33:09.0078 1784	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\System32\mnmsrvc.exe
13:33:09.0187 1784	mnmsrvc - ok
13:33:09.0234 1784	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:33:09.0359 1784	Modem - ok
13:33:09.0390 1784	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:33:09.0531 1784	Mouclass - ok
13:33:09.0593 1784	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:33:09.0734 1784	mouhid - ok
13:33:09.0750 1784	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:33:09.0890 1784	MountMgr - ok
13:33:09.0953 1784	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:33:10.0000 1784	MozillaMaintenance - ok
13:33:10.0000 1784	mraid35x - ok
13:33:10.0031 1784	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:33:10.0171 1784	MRxDAV - ok
13:33:10.0218 1784	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:33:10.0312 1784	MRxSmb - ok
13:33:10.0343 1784	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\System32\msdtc.exe
13:33:10.0484 1784	MSDTC - ok
13:33:10.0515 1784	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:33:10.0640 1784	Msfs - ok
13:33:10.0750 1784	MSIRCOMM        (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
13:33:10.0875 1784	MSIRCOMM - ok
13:33:10.0890 1784	MSIServer - ok
13:33:10.0921 1784	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:33:11.0062 1784	MSKSSRV - ok
13:33:11.0093 1784	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:33:11.0234 1784	MSPCLOCK - ok
13:33:11.0265 1784	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:33:11.0375 1784	MSPQM - ok
13:33:11.0406 1784	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:33:11.0515 1784	mssmbios - ok
13:33:11.0546 1784	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:33:11.0593 1784	Mup - ok
13:33:11.0625 1784	MxlW2k          (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
13:33:11.0640 1784	MxlW2k ( UnsignedFile.Multi.Generic ) - warning
13:33:11.0640 1784	MxlW2k - detected UnsignedFile.Multi.Generic (1)
13:33:11.0687 1784	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:33:11.0828 1784	napagent - ok
13:33:11.0843 1784	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:33:11.0968 1784	NDIS - ok
13:33:12.0015 1784	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:33:12.0078 1784	NdisTapi - ok
13:33:12.0109 1784	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:33:12.0234 1784	Ndisuio - ok
13:33:12.0281 1784	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:33:12.0406 1784	NdisWan - ok
13:33:12.0437 1784	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:33:12.0484 1784	NDProxy - ok
13:33:12.0500 1784	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:33:12.0609 1784	NetBIOS - ok
13:33:12.0640 1784	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:33:12.0765 1784	NetBT - ok
13:33:12.0812 1784	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:33:12.0953 1784	NetDDE - ok
13:33:12.0953 1784	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:33:13.0093 1784	NetDDEdsdm - ok
13:33:13.0109 1784	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
13:33:13.0250 1784	Netlogon - ok
13:33:13.0296 1784	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:33:13.0406 1784	Netman - ok
13:33:13.0500 1784	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:33:13.0515 1784	NetTcpPortSharing - ok
13:33:13.0546 1784	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:33:13.0578 1784	Nla - ok
13:33:13.0593 1784	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:33:13.0718 1784	Npfs - ok
13:33:13.0750 1784	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:33:13.0906 1784	Ntfs - ok
13:33:13.0921 1784	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
13:33:14.0046 1784	NtLmSsp - ok
13:33:14.0109 1784	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:33:14.0265 1784	NtmsSvc - ok
13:33:14.0312 1784	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:33:14.0484 1784	Null - ok
13:33:14.0593 1784	nv              (cd2acd06129c4107df4483b298a05290) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:33:14.0812 1784	nv - ok
13:33:14.0859 1784	nvata           (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
13:33:14.0890 1784	nvata - ok
13:33:14.0921 1784	NVENETFD        (b9333604527e02cd2223f200c0bae7e0) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:33:14.0937 1784	NVENETFD - ok
13:33:14.0953 1784	nvnetbus        (5e9e55f7ee644c7c5fd78a206fbe37ab) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:33:15.0000 1784	nvnetbus - ok
13:33:15.0015 1784	NVSvc           (4a6124c70c9e46565d31ff799750dc64) C:\WINDOWS\System32\nvsvc32.exe
13:33:15.0031 1784	NVSvc - ok
13:33:15.0062 1784	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:33:15.0250 1784	NwlnkFlt - ok
13:33:15.0265 1784	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:33:15.0421 1784	NwlnkFwd - ok
13:33:15.0437 1784	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:33:15.0578 1784	Parport - ok
13:33:15.0578 1784	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:33:15.0718 1784	PartMgr - ok
13:33:15.0734 1784	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:33:15.0890 1784	ParVdm - ok
13:33:15.0906 1784	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:33:16.0031 1784	PCI - ok
13:33:16.0046 1784	PCIDump - ok
13:33:16.0093 1784	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:33:16.0250 1784	PCIIde - ok
13:33:16.0281 1784	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:33:16.0390 1784	Pcmcia - ok
13:33:16.0390 1784	PDCOMP - ok
13:33:16.0406 1784	PDFRAME - ok
13:33:16.0421 1784	PDRELI - ok
13:33:16.0437 1784	PDRFRAME - ok
13:33:16.0437 1784	perc2 - ok
13:33:16.0453 1784	perc2hib - ok
13:33:16.0531 1784	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:33:16.0546 1784	PlugPlay - ok
13:33:16.0593 1784	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\System32\lsass.exe
13:33:16.0703 1784	PolicyAgent - ok
13:33:16.0718 1784	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:33:16.0843 1784	PptpMiniport - ok
13:33:16.0859 1784	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:33:16.0984 1784	Processor - ok
13:33:16.0984 1784	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:33:17.0125 1784	ProtectedStorage - ok
13:33:17.0140 1784	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:33:17.0265 1784	PSched - ok
13:33:17.0296 1784	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:33:17.0437 1784	Ptilink - ok
13:33:17.0437 1784	ql1080 - ok
13:33:17.0453 1784	Ql10wnt - ok
13:33:17.0468 1784	ql12160 - ok
13:33:17.0484 1784	ql1240 - ok
13:33:17.0484 1784	ql1280 - ok
13:33:17.0546 1784	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:33:17.0703 1784	RasAcd - ok
13:33:17.0718 1784	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:33:17.0859 1784	RasAuto - ok
13:33:17.0875 1784	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
13:33:17.0937 1784	Rasirda - ok
13:33:17.0953 1784	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:33:18.0078 1784	Rasl2tp - ok
13:33:18.0109 1784	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:33:18.0250 1784	RasMan - ok
13:33:18.0250 1784	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:33:18.0390 1784	RasPppoe - ok
13:33:18.0390 1784	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:33:18.0578 1784	Raspti - ok
13:33:18.0609 1784	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:33:18.0734 1784	Rdbss - ok
13:33:18.0750 1784	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:33:18.0906 1784	RDPCDD - ok
13:33:19.0031 1784	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:33:19.0203 1784	rdpdr - ok
13:33:19.0328 1784	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:33:19.0531 1784	RDPWD - ok
13:33:19.0687 1784	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:33:19.0859 1784	RDSessMgr - ok
13:33:19.0921 1784	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:33:20.0109 1784	redbook - ok
13:33:20.0187 1784	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:33:20.0375 1784	RemoteAccess - ok
13:33:20.0468 1784	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
13:33:20.0625 1784	RemoteRegistry - ok
13:33:20.0781 1784	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\System32\locator.exe
13:33:20.0937 1784	RpcLocator - ok
13:33:20.0984 1784	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:33:21.0062 1784	RpcSs - ok
13:33:21.0125 1784	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
13:33:21.0328 1784	RSVP - ok
13:33:21.0375 1784	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:33:21.0500 1784	SamSs - ok
13:33:21.0531 1784	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:33:21.0687 1784	SCardSvr - ok
13:33:21.0718 1784	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:33:21.0890 1784	Schedule - ok
13:33:22.0031 1784	SearchAnonymizer (f4bd8926afb3b2067f2bd210032ec3be) C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
13:33:22.0093 1784	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
13:33:22.0093 1784	SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
13:33:22.0156 1784	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:33:22.0281 1784	Secdrv - ok
13:33:22.0312 1784	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:33:22.0453 1784	seclogon - ok
13:33:22.0484 1784	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:33:22.0625 1784	SENS - ok
13:33:22.0640 1784	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:33:22.0796 1784	serenum - ok
13:33:22.0812 1784	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:33:22.0953 1784	Serial - ok
13:33:23.0000 1784	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:33:23.0156 1784	Sfloppy - ok
13:33:23.0203 1784	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
13:33:23.0390 1784	SharedAccess - ok
13:33:23.0421 1784	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:33:23.0468 1784	ShellHWDetection - ok
13:33:23.0468 1784	Simbad - ok
13:33:23.0500 1784	Sparrow - ok
13:33:23.0531 1784	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:33:23.0656 1784	splitter - ok
13:33:23.0718 1784	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:33:23.0781 1784	Spooler - ok
13:33:23.0796 1784	sptd - ok
13:33:23.0812 1784	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:33:23.0937 1784	sr - ok
13:33:23.0968 1784	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\System32\srsvc.dll
13:33:24.0125 1784	srservice - ok
13:33:24.0203 1784	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:33:24.0328 1784	Srv - ok
13:33:24.0359 1784	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:33:24.0500 1784	SSDPSRV - ok
13:33:24.0531 1784	SSHDRV61        (90dcc161d96689e770519c76accea8b1) C:\WINDOWS\System32\drivers\SSHDRV61.sys
13:33:24.0578 1784	SSHDRV61 ( UnsignedFile.Multi.Generic ) - warning
13:33:24.0578 1784	SSHDRV61 - detected UnsignedFile.Multi.Generic (1)
13:33:24.0625 1784	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:33:24.0640 1784	ssmdrv - ok
13:33:24.0640 1784	StarOpen - ok
13:33:24.0687 1784	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:33:24.0890 1784	stisvc - ok
13:33:24.0937 1784	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:33:25.0093 1784	swenum - ok
13:33:25.0125 1784	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:33:25.0265 1784	swmidi - ok
13:33:25.0296 1784	SwPrv - ok
13:33:25.0312 1784	symc810 - ok
13:33:25.0328 1784	symc8xx - ok
13:33:25.0343 1784	sym_hi - ok
13:33:25.0359 1784	sym_u3 - ok
13:33:25.0375 1784	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:33:25.0546 1784	sysaudio - ok
13:33:25.0625 1784	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:33:25.0781 1784	SysmonLog - ok
13:33:25.0937 1784	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:33:26.0140 1784	TapiSrv - ok
13:33:26.0359 1784	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:33:26.0500 1784	Tcpip - ok
13:33:26.0578 1784	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:33:26.0718 1784	TDPIPE - ok
13:33:26.0765 1784	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:33:26.0921 1784	TDTCP - ok
13:33:27.0000 1784	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:33:27.0140 1784	TermDD - ok
13:33:27.0281 1784	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:33:27.0468 1784	TermService - ok
13:33:27.0578 1784	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:33:27.0609 1784	Themes - ok
13:33:27.0671 1784	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\System32\tlntsvr.exe
13:33:27.0828 1784	TlntSvr - ok
13:33:27.0843 1784	TosIde - ok
13:33:27.0921 1784	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:33:28.0125 1784	TrkWks - ok
13:33:28.0203 1784	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:33:28.0375 1784	Udfs - ok
13:33:28.0375 1784	ultra - ok
13:33:28.0484 1784	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:33:28.0718 1784	Update - ok
13:33:28.0828 1784	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:33:29.0000 1784	upnphost - ok
13:33:29.0046 1784	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:33:29.0203 1784	UPS - ok
13:33:29.0265 1784	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:33:29.0437 1784	usbccgp - ok
13:33:29.0468 1784	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:33:29.0640 1784	usbhub - ok
13:33:29.0687 1784	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:33:29.0843 1784	usbohci - ok
13:33:29.0906 1784	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:33:30.0093 1784	usbprint - ok
13:33:30.0171 1784	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:33:30.0343 1784	usbscan - ok
13:33:30.0390 1784	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:33:30.0562 1784	USBSTOR - ok
13:33:30.0593 1784	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:33:30.0781 1784	VgaSave - ok
13:33:30.0781 1784	ViaIde - ok
13:33:30.0828 1784	VolSnap         (4dc8a879a7f7c136e5fa10c6295d6d31) C:\WINDOWS\system32\drivers\VolSnap.sys
13:33:30.0828 1784	Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 4dc8a879a7f7c136e5fa10c6295d6d31, Fake md5: a5a712f4e880874a477af790b5186e1d
13:33:30.0843 1784	VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
13:33:30.0843 1784	VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
13:33:30.0921 1784	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:33:31.0437 1784	VSS - ok
13:33:31.0500 1784	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\System32\w32time.dll
13:33:31.0750 1784	W32Time - ok
13:33:31.0843 1784	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:33:32.0046 1784	Wanarp - ok
13:33:32.0046 1784	WDICA - ok
13:33:32.0109 1784	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:33:32.0265 1784	wdmaud - ok
13:33:32.0328 1784	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:33:32.0484 1784	WebClient - ok
13:33:32.0703 1784	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:33:32.0890 1784	winmgmt - ok
13:33:33.0031 1784	WmdmPmSN        (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\MsPMSNSv.dll
13:33:33.0218 1784	WmdmPmSN - ok
13:33:33.0453 1784	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
13:33:33.0828 1784	Wmi - ok
13:33:33.0937 1784	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:33:34.0187 1784	WmiApSrv - ok
13:33:34.0312 1784	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
13:33:34.0687 1784	wscsvc - ok
13:33:34.0750 1784	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:33:34.0953 1784	wuauserv - ok
13:33:35.0078 1784	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:33:35.0453 1784	WudfPf - ok
13:33:35.0484 1784	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:33:35.0671 1784	WudfRd - ok
13:33:35.0718 1784	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:33:35.0859 1784	WudfSvc - ok
13:33:36.0203 1784	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:33:36.0718 1784	WZCSVC - ok
13:33:36.0734 1784	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:33:36.0953 1784	xmlprov - ok
13:33:36.0968 1784	MBR (0x1B8)     (e24810ee950b6f5f27cb02111df934e3) \Device\Harddisk0\DR0
13:33:36.0984 1784	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
13:33:36.0984 1784	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
13:33:37.0281 1784	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:33:38.0343 1784	\Device\Harddisk1\DR2 - ok
13:33:38.0375 1784	Boot (0x1200)   (3c104e373481fcbd06de79f1d8059706) \Device\Harddisk0\DR0\Partition0
13:33:38.0390 1784	\Device\Harddisk0\DR0\Partition0 - ok
13:33:38.0406 1784	Boot (0x1200)   (b8edbc127af70cf160cb0b62c107b092) \Device\Harddisk1\DR2\Partition0
13:33:38.0421 1784	\Device\Harddisk1\DR2\Partition0 - ok
13:33:38.0421 1784	============================================================
13:33:38.0421 1784	Scan finished
13:33:38.0421 1784	============================================================
13:33:38.0625 0992	Detected object count: 8
13:33:38.0625 0992	Actual detected object count: 8
13:35:39.0921 0992	ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0921 0992	ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0921 0992	BIOS ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0921 0992	BIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0937 0992	IrUSB ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0937 0992	IrUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0937 0992	MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0937 0992	MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0937 0992	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0937 0992	SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:39.0937 0992	SSHDRV61 ( UnsignedFile.Multi.Generic ) - skipped by user
13:35:39.0937 0992	SSHDRV61 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:35:40.0187 0992	C:\WINDOWS\system32\drivers\VolSnap.sys - copied to quarantine
13:35:40.0890 0992	Backup copy found, using it..
13:35:40.0984 0992	C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured on reboot
13:35:40.0984 0992	VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure 
13:35:41.0390 0992	\Device\Harddisk0\DR0\# - copied to quarantine
13:35:41.0390 0992	\Device\Harddisk0\DR0 - copied to quarantine
13:35:41.0390 0992	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
13:35:41.0390 0992	\Device\Harddisk0\DR0 - ok
13:35:41.0390 0992	\Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure 
13:35:55.0078 2088	Deinitialize success
         
Uhm ... looks like I've got some kind of mail bot running ... I just checked my mail and see a message in my inbox.
Sender: my own address
Subject: "RE: FW: whats up..."
Recipients: ALL the e-mail addresses I've been in contact with recently + the ones from my address book
Content: "I guess your job search is going well. ..." and some webcams.holidayvalley.com link, which I'm not going to click.

Sick stuff, should I open a separate thread?
