| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojan.Banker? wpbt0.dll im AutostartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.07.2012, 09:21
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojan.Banker? wpbt0.dll im Autostart Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Eazel-DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=3&q="
FF - prefs.js..browser.startup.homepage: "http://ecosia.org/"
FF - prefs.js..network.proxy.http: "192.168.2.1"
[2008.12.16 13:22:12 | 000,000,878 | ---- | M] () -- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\sxwon4km.default\searchplugins\conduit.xml
[2012.03.12 03:08:52 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
O2 - BHO: (no name) - {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2927945317-715114077-1847080715-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2927945317-715114077-1847080715-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2927945317-715114077-1847080715-1006\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2927945317-715114077-1847080715-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.16 01:40:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3aee2448-6fe1-11e0-acad-002243428053}\Shell - "" = AutoRun
O33 - MountPoints2\{3aee2448-6fe1-11e0-acad-002243428053}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3aee2448-6fe1-11e0-acad-002243428053}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3aee244b-6fe1-11e0-acad-002243428053}\Shell - "" = AutoRun
O33 - MountPoints2\{3aee244b-6fe1-11e0-acad-002243428053}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3aee244b-6fe1-11e0-acad-002243428053}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2012.03.19 02:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gastkonto\Anwendungsdaten\CheckPoint
:Files
C:\Dokumente und Einstellungen\Matthias\Anwendungsdaten\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.07.2012, 12:34
| #17 |
 | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne,
__________________habe das Skript laufen lassen. Nach dem Neustart ist die folgende OTL-Logdatei geöffnet worden und das bereits gepostete "Pop Up" mit dem "HP CUE Status hat ein Problem festgestellt und muss beendet werden" Prblemsignatur: AppName: hpqste08.exe AppVer: 70.0.170.0 ModName: unknown ModVer: 0.0.0.0 Offset: 00cddfb0 Hier das OTL-Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "Eazel-DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2096149&SearchSource=3&q=" removed from browser.search.defaulturl
Prefs.js: "hxxp://ecosia.org/" removed from browser.startup.homepage
Prefs.js: "192.168.2.1" removed from network.proxy.http
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\sxwon4km.default\searchplugins\conduit.xml moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content\images folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome folder moved successfully.
C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2927945317-715114077-1847080715-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2927945317-715114077-1847080715-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2927945317-715114077-1847080715-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2927945317-715114077-1847080715-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aee2448-6fe1-11e0-acad-002243428053}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aee2448-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aee2448-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aee2448-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aee2448-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aee2448-6fe1-11e0-acad-002243428053}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aee244b-6fe1-11e0-acad-002243428053}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aee244b-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aee244b-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aee244b-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aee244b-6fe1-11e0-acad-002243428053}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aee244b-6fe1-11e0-acad-002243428053}\ not found.
File E:\AutoRun.exe not found.
C:\Dokumente und Einstellungen\Gastkonto\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Dokumente und Einstellungen\Gastkonto\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Dokumente und Einstellungen\Gastkonto\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Dokumente und Einstellungen\Gastkonto\Anwendungsdaten\CheckPoint folder moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\5535ab32-7fa7918e-n folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-1ce3f4ee-n folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Gast
->Temp folder emptied: 621373 bytes
->Temporary Internet Files folder emptied: 256630 bytes
->FireFox cache emptied: 19086400 bytes
->Flash cache emptied: 405 bytes
User: Gastkonto
->Temp folder emptied: 8059600 bytes
->Temporary Internet Files folder emptied: 1169102 bytes
->Java cache emptied: 2258 bytes
->FireFox cache emptied: 43766439 bytes
->Flash cache emptied: 499 bytes
User: LocalService
->Temp folder emptied: 2199528 bytes
->Temporary Internet Files folder emptied: 33129 bytes
User: *****
->Temp folder emptied: 970252998 bytes
->Temporary Internet Files folder emptied: 1049715252 bytes
->FireFox cache emptied: 60048051 bytes
->Google Chrome cache emptied: 19820985 bytes
->Flash cache emptied: 10026223 bytes
User: NetworkService
->Temp folder emptied: 2130296 bytes
->Temporary Internet Files folder emptied: 1098723 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109790545 bytes
RecycleBin emptied: 130955 bytes
Total Files Cleaned = 2.192,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: Gast
->Flash cache emptied: 0 bytes
User: Gastkonto
->Flash cache emptied: 0 bytes
User: LocalService
User: *****
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07252012_131108
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
HangLooser |
|
25.07.2012, 13:22
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im Autostart Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ |
|
25.07.2012, 19:15
| #19 |
| | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne, ok, hier also das Logfile des TDSS Scan: Code:
ATTFilter 20:02:17.0218 2096 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:02:17.0546 2096 ============================================================
20:02:17.0546 2096 Current date / time: 2012/07/25 20:02:17.0546
20:02:17.0546 2096 SystemInfo:
20:02:17.0546 2096
20:02:17.0546 2096 OS Version: 5.1.2600 ServicePack: 3.0
20:02:17.0546 2096 Product type: Workstation
20:02:17.0546 2096 ComputerName: ****
20:02:17.0546 2096 UserName: *****
20:02:17.0546 2096 Windows directory: C:\WINDOWS
20:02:17.0546 2096 System windows directory: C:\WINDOWS
20:02:17.0546 2096 Processor architecture: Intel x86
20:02:17.0546 2096 Number of processors: 2
20:02:17.0546 2096 Page size: 0x1000
20:02:17.0546 2096 Boot type: Normal boot
20:02:17.0546 2096 ============================================================
20:02:19.0250 2096 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:02:19.0250 2096 ============================================================
20:02:19.0250 2096 \Device\Harddisk0\DR0:
20:02:19.0250 2096 MBR partitions:
20:02:19.0250 2096 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00684E
20:02:19.0250 2096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA00688D, BlocksNum 0x89FE86F
20:02:19.0250 2096 ============================================================
20:02:19.0375 2096 C: <-> \Device\Harddisk0\DR0\Partition0
20:02:19.0437 2096 D: <-> \Device\Harddisk0\DR0\Partition1
20:02:19.0437 2096 ============================================================
20:02:19.0437 2096 Initialize success
20:02:19.0437 2096 ============================================================
20:03:40.0546 3504 ============================================================
20:03:40.0546 3504 Scan started
20:03:40.0546 3504 Mode: Manual; SigCheck; TDLFS;
20:03:40.0546 3504 ============================================================
20:03:41.0187 3504 Abiosdsk - ok
20:03:41.0203 3504 abp480n5 - ok
20:03:41.0265 3504 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:03:41.0781 3504 ACPI - ok
20:03:41.0843 3504 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:03:42.0062 3504 ACPIEC - ok
20:03:42.0062 3504 adpu160m - ok
20:03:42.0140 3504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:03:42.0359 3504 aec - ok
20:03:42.0390 3504 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:03:42.0484 3504 AFD - ok
20:03:42.0484 3504 Aha154x - ok
20:03:42.0500 3504 aic78u2 - ok
20:03:42.0515 3504 aic78xx - ok
20:03:42.0546 3504 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
20:03:42.0781 3504 Alerter - ok
20:03:42.0828 3504 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
20:03:42.0937 3504 ALG - ok
20:03:42.0937 3504 AliIde - ok
20:03:42.0953 3504 amsint - ok
20:03:42.0953 3504 AppMgmt - ok
20:03:43.0031 3504 ASAPIW2k (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
20:03:43.0031 3504 ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
20:03:43.0031 3504 ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
20:03:43.0046 3504 asc - ok
20:03:43.0062 3504 asc3350p - ok
20:03:43.0062 3504 asc3550 - ok
20:03:43.0171 3504 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:03:43.0218 3504 aspnet_state - ok
20:03:43.0250 3504 AsusACPI (784fcb197f9a50a419d8ce4980655ae4) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
20:03:43.0312 3504 AsusACPI - ok
20:03:43.0343 3504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:03:43.0531 3504 AsyncMac - ok
20:03:43.0593 3504 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:03:43.0796 3504 atapi - ok
20:03:43.0812 3504 Atdisk - ok
20:03:43.0875 3504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:03:44.0078 3504 Atmarpc - ok
20:03:44.0156 3504 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
20:03:44.0359 3504 AudioSrv - ok
20:03:44.0390 3504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:03:44.0578 3504 audstub - ok
20:03:44.0750 3504 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
20:03:44.0812 3504 AVG Security Toolbar Service - ok
20:03:45.0156 3504 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Programme\AVG\AVG2012\avgidsagent.exe
20:03:45.0562 3504 AVGIDSAgent - ok
20:03:45.0718 3504 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:03:45.0796 3504 AVGIDSDriver - ok
20:03:45.0812 3504 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
20:03:45.0843 3504 AVGIDSFilter - ok
20:03:45.0859 3504 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:03:45.0875 3504 AVGIDSHX - ok
20:03:45.0906 3504 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:03:45.0921 3504 AVGIDSShim - ok
20:03:45.0953 3504 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:03:46.0000 3504 Avgldx86 - ok
20:03:46.0015 3504 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:03:46.0031 3504 Avgmfx86 - ok
20:03:46.0046 3504 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:03:46.0078 3504 Avgrkx86 - ok
20:03:46.0109 3504 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:03:46.0156 3504 Avgtdix - ok
20:03:46.0296 3504 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Programme\AVG\AVG2012\avgwdsvc.exe
20:03:46.0343 3504 avgwd - ok
20:03:46.0390 3504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:03:46.0609 3504 Beep - ok
20:03:46.0703 3504 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
20:03:46.0984 3504 BITS - ok
20:03:47.0062 3504 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
20:03:47.0281 3504 Browser - ok
20:03:47.0390 3504 btaudio (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
20:03:47.0468 3504 btaudio - ok
20:03:47.0515 3504 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
20:03:47.0531 3504 BTDriver - ok
20:03:47.0625 3504 BTKRNL (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:03:47.0718 3504 BTKRNL - ok
20:03:47.0796 3504 btwdins (f20629ff9ed48efa98fdc5d99919e8c0) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
20:03:47.0843 3504 btwdins - ok
20:03:47.0890 3504 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:03:47.0921 3504 BTWDNDIS - ok
20:03:47.0937 3504 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
20:03:47.0968 3504 btwhid - ok
20:03:47.0984 3504 BTWUSB (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
20:03:48.0000 3504 BTWUSB - ok
20:03:48.0031 3504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:03:48.0250 3504 cbidf2k - ok
20:03:48.0328 3504 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:03:48.0531 3504 CCDECODE - ok
20:03:48.0531 3504 cd20xrnt - ok
20:03:48.0609 3504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:03:48.0828 3504 Cdaudio - ok
20:03:48.0890 3504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:03:49.0109 3504 Cdfs - ok
20:03:49.0171 3504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:03:49.0390 3504 Cdrom - ok
20:03:49.0406 3504 Changer - ok
20:03:49.0468 3504 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
20:03:49.0687 3504 CiSvc - ok
20:03:49.0750 3504 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
20:03:49.0968 3504 ClipSrv - ok
20:03:50.0046 3504 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:03:50.0093 3504 clr_optimization_v2.0.50727_32 - ok
20:03:50.0140 3504 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:03:50.0359 3504 CmBatt - ok
20:03:50.0359 3504 CmdIde - ok
20:03:50.0390 3504 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:03:50.0671 3504 Compbatt - ok
20:03:50.0687 3504 COMSysApp - ok
20:03:50.0703 3504 Cpqarray - ok
20:03:50.0750 3504 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
20:03:50.0968 3504 CryptSvc - ok
20:03:50.0984 3504 dac2w2k - ok
20:03:50.0984 3504 dac960nt - ok
20:03:51.0062 3504 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:03:51.0171 3504 DcomLaunch - ok
20:03:51.0234 3504 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
20:03:51.0453 3504 Dhcp - ok
20:03:51.0531 3504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:03:51.0750 3504 Disk - ok
20:03:51.0750 3504 dmadmin - ok
20:03:51.0859 3504 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:03:52.0109 3504 dmboot - ok
20:03:52.0187 3504 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:03:52.0390 3504 dmio - ok
20:03:52.0453 3504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:03:52.0656 3504 dmload - ok
20:03:52.0718 3504 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
20:03:52.0921 3504 dmserver - ok
20:03:53.0015 3504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:03:53.0234 3504 DMusic - ok
20:03:53.0312 3504 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
20:03:53.0421 3504 Dnscache - ok
20:03:53.0453 3504 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
20:03:53.0671 3504 Dot3svc - ok
20:03:53.0671 3504 dpti2o - ok
20:03:53.0750 3504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:03:53.0953 3504 drmkaud - ok
20:03:54.0000 3504 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
20:03:54.0234 3504 EapHost - ok
20:03:54.0281 3504 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
20:03:54.0500 3504 ERSvc - ok
20:03:54.0562 3504 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:03:54.0609 3504 Eventlog - ok
20:03:54.0656 3504 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
20:03:54.0734 3504 EventSystem - ok
20:03:54.0781 3504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:03:55.0000 3504 Fastfat - ok
20:03:55.0046 3504 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:03:55.0140 3504 FastUserSwitchingCompatibility - ok
20:03:55.0171 3504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:03:55.0375 3504 Fdc - ok
20:03:55.0406 3504 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:03:55.0640 3504 Fips - ok
20:03:55.0734 3504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:03:55.0984 3504 Flpydisk - ok
20:03:56.0015 3504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:03:56.0234 3504 FltMgr - ok
20:03:56.0375 3504 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:03:56.0406 3504 FontCache3.0.0.0 - ok
20:03:56.0453 3504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:03:56.0671 3504 Fs_Rec - ok
20:03:56.0734 3504 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:03:56.0937 3504 Ftdisk - ok
20:03:57.0062 3504 getPlusHelper (fd7e9aba274df75e08320420b8e9a1d5) C:\Programme\NOS\bin\getPlus_Helper.dll
20:03:57.0078 3504 getPlusHelper - ok
20:03:57.0125 3504 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:03:57.0140 3504 ggflt - ok
20:03:57.0187 3504 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:03:57.0203 3504 ggsemc - ok
20:03:57.0250 3504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:03:57.0468 3504 Gpc - ok
20:03:57.0578 3504 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
20:03:57.0625 3504 gupdate - ok
20:03:57.0625 3504 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
20:03:57.0656 3504 gupdatem - ok
20:03:57.0703 3504 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:03:57.0906 3504 HDAudBus - ok
20:03:58.0000 3504 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:03:58.0234 3504 helpsvc - ok
20:03:58.0296 3504 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
20:03:58.0500 3504 HidServ - ok
20:03:58.0562 3504 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:03:58.0765 3504 HidUsb - ok
20:03:58.0828 3504 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
20:03:59.0031 3504 hkmsvc - ok
20:03:59.0031 3504 hpn - ok
20:03:59.0109 3504 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:03:59.0250 3504 HPZid412 - ok
20:03:59.0281 3504 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:03:59.0375 3504 HPZipr12 - ok
20:03:59.0390 3504 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:03:59.0453 3504 HPZius12 - ok
20:03:59.0500 3504 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:03:59.0562 3504 HTTP - ok
20:03:59.0593 3504 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
20:03:59.0843 3504 HTTPFilter - ok
20:03:59.0906 3504 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:04:00.0000 3504 hwdatacard - ok
20:04:00.0015 3504 i2omgmt - ok
20:04:00.0031 3504 i2omp - ok
20:04:00.0078 3504 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:04:00.0296 3504 i8042prt - ok
20:04:00.0703 3504 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:04:01.0390 3504 ialm - ok
20:04:01.0578 3504 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:04:01.0671 3504 idsvc - ok
20:04:01.0796 3504 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:04:02.0015 3504 Imapi - ok
20:04:02.0093 3504 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
20:04:02.0312 3504 ImapiService - ok
20:04:02.0312 3504 ini910u - ok
20:04:02.0625 3504 IntcAzAudAddService (47c79f7e330cbb829934d00f64d55fc9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:04:03.0031 3504 IntcAzAudAddService - ok
20:04:03.0125 3504 IntelIde - ok
20:04:03.0156 3504 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:04:03.0375 3504 intelppm - ok
20:04:03.0406 3504 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:04:03.0640 3504 Ip6Fw - ok
20:04:03.0687 3504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:04:03.0906 3504 IpFilterDriver - ok
20:04:03.0906 3504 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:04:04.0109 3504 IpInIp - ok
20:04:04.0171 3504 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:04:04.0390 3504 IpNat - ok
20:04:04.0437 3504 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:04:04.0656 3504 IPSec - ok
20:04:04.0718 3504 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:04:04.0812 3504 IRENUM - ok
20:04:04.0875 3504 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:04:05.0078 3504 isapnp - ok
20:04:05.0203 3504 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
20:04:05.0234 3504 IviRegMgr - ok
20:04:05.0359 3504 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
20:04:05.0390 3504 JavaQuickStarterService - ok
20:04:05.0437 3504 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:04:05.0640 3504 Kbdclass - ok
20:04:05.0734 3504 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:04:05.0937 3504 kmixer - ok
20:04:06.0000 3504 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:04:06.0125 3504 KSecDD - ok
20:04:06.0156 3504 Ktp (9ea9d6ba04629cb14260f46ff8bbd65a) C:\WINDOWS\system32\DRIVERS\ETD.sys
20:04:06.0500 3504 Ktp - ok
20:04:06.0546 3504 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
20:04:06.0593 3504 L1e - ok
20:04:06.0640 3504 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
20:04:06.0718 3504 LanmanServer - ok
20:04:06.0750 3504 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
20:04:06.0812 3504 lanmanworkstation - ok
20:04:06.0828 3504 lbrtfdc - ok
20:04:06.0859 3504 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
20:04:07.0093 3504 LmHosts - ok
20:04:07.0140 3504 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\WINDOWS\system32\drivers\massfilter.sys
20:04:07.0203 3504 massfilter - ok
20:04:07.0296 3504 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
20:04:07.0343 3504 McComponentHostService - ok
20:04:07.0375 3504 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
20:04:07.0593 3504 Messenger - ok
20:04:07.0656 3504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:04:07.0843 3504 mnmdd - ok
20:04:07.0906 3504 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
20:04:08.0109 3504 mnmsrvc - ok
20:04:08.0171 3504 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:04:08.0375 3504 Modem - ok
20:04:08.0421 3504 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:04:08.0625 3504 Mouclass - ok
20:04:08.0687 3504 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:04:08.0875 3504 mouhid - ok
20:04:08.0937 3504 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:04:09.0140 3504 MountMgr - ok
20:04:09.0234 3504 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:04:09.0265 3504 MozillaMaintenance - ok
20:04:09.0312 3504 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:04:09.0500 3504 MPE - ok
20:04:09.0500 3504 mraid35x - ok
20:04:09.0578 3504 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:04:09.0812 3504 MRxDAV - ok
20:04:09.0890 3504 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:04:09.0984 3504 MRxSmb - ok
20:04:10.0015 3504 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
20:04:10.0234 3504 MSDTC - ok
20:04:10.0312 3504 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:04:10.0500 3504 Msfs - ok
20:04:10.0515 3504 MSIServer - ok
20:04:10.0593 3504 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:04:10.0781 3504 MSKSSRV - ok
20:04:10.0843 3504 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:04:11.0031 3504 MSPCLOCK - ok
20:04:11.0078 3504 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:04:11.0296 3504 MSPQM - ok
20:04:11.0375 3504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:04:11.0734 3504 mssmbios - ok
20:04:11.0765 3504 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:04:11.0968 3504 MSTEE - ok
20:04:12.0031 3504 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:04:12.0093 3504 Mup - ok
20:04:12.0125 3504 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:04:12.0343 3504 NABTSFEC - ok
20:04:12.0406 3504 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:04:12.0640 3504 napagent - ok
20:04:12.0718 3504 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:04:12.0984 3504 NDIS - ok
20:04:13.0031 3504 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:04:13.0234 3504 NdisIP - ok
20:04:13.0312 3504 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:04:13.0359 3504 NdisTapi - ok
20:04:13.0406 3504 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:04:13.0609 3504 Ndisuio - ok
20:04:13.0656 3504 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:04:13.0859 3504 NdisWan - ok
20:04:13.0906 3504 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:04:14.0000 3504 NDProxy - ok
20:04:14.0140 3504 Nero BackItUp Scheduler 3 (5aa05f5ca4c6d3b5ec2ce1cdf6736270) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
20:04:14.0234 3504 Nero BackItUp Scheduler 3 - ok
20:04:14.0296 3504 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:04:14.0500 3504 NetBIOS - ok
20:04:14.0562 3504 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:04:14.0781 3504 NetBT - ok
20:04:14.0859 3504 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:04:15.0062 3504 NetDDE - ok
20:04:15.0062 3504 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:04:15.0265 3504 NetDDEdsdm - ok
20:04:15.0312 3504 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:04:15.0546 3504 Netlogon - ok
20:04:15.0625 3504 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:04:15.0843 3504 Netman - ok
20:04:15.0968 3504 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:04:16.0015 3504 NetTcpPortSharing - ok
20:04:16.0062 3504 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:04:16.0125 3504 Nla - ok
20:04:16.0156 3504 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:04:16.0359 3504 Npfs - ok
20:04:16.0406 3504 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:04:16.0656 3504 Ntfs - ok
20:04:16.0671 3504 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:04:16.0968 3504 NtLmSsp - ok
20:04:17.0031 3504 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:04:17.0250 3504 NtmsSvc - ok
20:04:17.0312 3504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:04:17.0515 3504 Null - ok
20:04:17.0578 3504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:04:17.0781 3504 NwlnkFlt - ok
20:04:17.0796 3504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:04:18.0000 3504 NwlnkFwd - ok
20:04:18.0156 3504 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
20:04:18.0203 3504 odserv - ok
20:04:18.0250 3504 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:04:18.0281 3504 ose - ok
20:04:18.0328 3504 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:04:18.0546 3504 Parport - ok
20:04:18.0609 3504 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:04:18.0812 3504 PartMgr - ok
20:04:18.0875 3504 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:04:19.0062 3504 ParVdm - ok
20:04:19.0140 3504 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:04:19.0343 3504 PCI - ok
20:04:19.0343 3504 PCIDump - ok
20:04:19.0390 3504 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:04:19.0562 3504 PCIIde - ok
20:04:19.0640 3504 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:04:19.0843 3504 Pcmcia - ok
20:04:19.0859 3504 PDCOMP - ok
20:04:19.0859 3504 PDFRAME - ok
20:04:19.0875 3504 PDRELI - ok
20:04:19.0890 3504 PDRFRAME - ok
20:04:19.0890 3504 perc2 - ok
20:04:19.0906 3504 perc2hib - ok
20:04:19.0984 3504 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
20:04:20.0000 3504 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:04:20.0000 3504 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:04:20.0046 3504 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:04:20.0078 3504 PlugPlay - ok
20:04:20.0140 3504 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
20:04:20.0218 3504 Pml Driver HPZ12 - ok
20:04:20.0265 3504 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:04:20.0468 3504 PolicyAgent - ok
20:04:20.0531 3504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:04:20.0765 3504 PptpMiniport - ok
20:04:20.0765 3504 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:04:20.0968 3504 ProtectedStorage - ok
20:04:20.0968 3504 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:04:21.0171 3504 PSched - ok
20:04:21.0250 3504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:04:21.0453 3504 Ptilink - ok
20:04:21.0500 3504 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:04:21.0531 3504 PxHelp20 - ok
20:04:21.0531 3504 ql1080 - ok
20:04:21.0546 3504 Ql10wnt - ok
20:04:21.0562 3504 ql12160 - ok
20:04:21.0562 3504 ql1240 - ok
20:04:21.0578 3504 ql1280 - ok
20:04:21.0625 3504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:04:21.0828 3504 RasAcd - ok
20:04:21.0890 3504 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:04:22.0171 3504 RasAuto - ok
20:04:22.0203 3504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:04:22.0406 3504 Rasl2tp - ok
20:04:22.0484 3504 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:04:22.0703 3504 RasMan - ok
20:04:22.0765 3504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:04:22.0968 3504 RasPppoe - ok
20:04:23.0031 3504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:04:23.0250 3504 Raspti - ok
20:04:23.0359 3504 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:04:23.0562 3504 Rdbss - ok
20:04:23.0609 3504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:04:23.0812 3504 RDPCDD - ok
20:04:23.0890 3504 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:04:23.0968 3504 RDPWD - ok
20:04:24.0000 3504 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:04:24.0234 3504 RDSessMgr - ok
20:04:24.0312 3504 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:04:24.0500 3504 redbook - ok
20:04:24.0562 3504 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:04:24.0765 3504 RemoteAccess - ok
20:04:24.0828 3504 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
20:04:25.0031 3504 RpcLocator - ok
20:04:25.0093 3504 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:04:25.0156 3504 RpcSs - ok
20:04:25.0187 3504 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
20:04:25.0421 3504 RSVP - ok
20:04:25.0484 3504 RT80x86 (162d6aee49372b9ce17c418cc5cde7b5) C:\WINDOWS\system32\DRIVERS\RT2860.sys
20:04:25.0593 3504 RT80x86 - ok
20:04:25.0625 3504 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:04:25.0828 3504 SamSs - ok
20:04:25.0890 3504 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:04:26.0093 3504 SCardSvr - ok
20:04:26.0171 3504 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:04:26.0390 3504 Schedule - ok
20:04:26.0453 3504 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:04:26.0546 3504 Secdrv - ok
20:04:26.0578 3504 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:04:26.0796 3504 seclogon - ok
20:04:26.0843 3504 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:04:27.0046 3504 SENS - ok
20:04:27.0109 3504 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:04:27.0390 3504 Serial - ok
20:04:27.0421 3504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:04:27.0640 3504 Sfloppy - ok
20:04:27.0718 3504 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:04:27.0937 3504 SharedAccess - ok
20:04:28.0015 3504 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:04:28.0046 3504 ShellHWDetection - ok
20:04:28.0046 3504 Simbad - ok
20:04:28.0078 3504 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:04:28.0281 3504 SLIP - ok
20:04:28.0296 3504 Sparrow - ok
20:04:28.0359 3504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:04:28.0546 3504 splitter - ok
20:04:28.0609 3504 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:04:28.0640 3504 Spooler - ok
20:04:28.0687 3504 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:04:28.0812 3504 sr - ok
20:04:28.0843 3504 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
20:04:28.0953 3504 srservice - ok
20:04:28.0984 3504 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:04:29.0093 3504 Srv - ok
20:04:29.0140 3504 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:04:29.0250 3504 SSDPSRV - ok
20:04:29.0296 3504 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:04:29.0578 3504 stisvc - ok
20:04:29.0640 3504 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:04:29.0843 3504 streamip - ok
20:04:29.0921 3504 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:04:30.0140 3504 swenum - ok
20:04:30.0218 3504 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:04:30.0421 3504 swmidi - ok
20:04:30.0421 3504 SwPrv - ok
20:04:30.0437 3504 symc810 - ok
20:04:30.0437 3504 symc8xx - ok
20:04:30.0453 3504 sym_hi - ok
20:04:30.0468 3504 sym_u3 - ok
20:04:30.0484 3504 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:04:30.0671 3504 sysaudio - ok
20:04:30.0750 3504 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:04:30.0953 3504 SysmonLog - ok
20:04:31.0031 3504 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:04:31.0265 3504 TapiSrv - ok
20:04:31.0359 3504 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:04:31.0406 3504 Tcpip - ok
20:04:31.0437 3504 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:04:31.0640 3504 TDPIPE - ok
20:04:31.0640 3504 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:04:31.0890 3504 TDTCP - ok
20:04:31.0953 3504 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:04:32.0171 3504 TermDD - ok
20:04:32.0265 3504 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:04:32.0593 3504 TermService - ok
20:04:32.0640 3504 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:04:32.0671 3504 Themes - ok
20:04:32.0671 3504 TosIde - ok
20:04:32.0734 3504 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:04:32.0953 3504 TrkWks - ok
20:04:33.0031 3504 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:04:33.0234 3504 Udfs - ok
20:04:33.0406 3504 UI Assistant Service (a447361e6156afef47a42ae9e89b2bb3) C:\Programme\Join Air\AssistantServices.exe
20:04:33.0453 3504 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
20:04:33.0453 3504 UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
20:04:33.0453 3504 ultra - ok
20:04:33.0500 3504 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
20:04:33.0546 3504 UMWdf - ok
20:04:33.0609 3504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:04:33.0859 3504 Update - ok
20:04:33.0937 3504 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:04:34.0078 3504 upnphost - ok
20:04:34.0093 3504 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:04:34.0296 3504 UPS - ok
20:04:34.0375 3504 USB28xxBGA (21f3c6673e57023125504719a7f3ee6e) C:\WINDOWS\system32\DRIVERS\emBDA.sys
20:04:34.0437 3504 USB28xxBGA - ok
20:04:34.0468 3504 USB28xxOEM (990771ceac1cd7e398b3d27c6fbd3c02) C:\WINDOWS\system32\DRIVERS\emOEM.sys
20:04:34.0500 3504 USB28xxOEM - ok
20:04:34.0546 3504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:04:34.0765 3504 usbccgp - ok
20:04:34.0828 3504 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:04:35.0015 3504 usbehci - ok
20:04:35.0062 3504 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:04:35.0250 3504 usbhub - ok
20:04:35.0328 3504 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:04:35.0531 3504 usbprint - ok
20:04:35.0593 3504 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:04:35.0781 3504 usbscan - ok
20:04:35.0843 3504 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:04:36.0062 3504 usbstor - ok
20:04:36.0125 3504 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:04:36.0312 3504 usbuhci - ok
20:04:36.0375 3504 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:04:36.0562 3504 usbvideo - ok
20:04:36.0640 3504 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:04:36.0828 3504 VgaSave - ok
20:04:36.0828 3504 ViaIde - ok
20:04:36.0906 3504 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:04:37.0109 3504 VolSnap - ok
20:04:37.0187 3504 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:04:37.0312 3504 VSS - ok
20:04:37.0359 3504 vToolbarUpdater11.2.0 - ok
20:04:37.0406 3504 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
20:04:37.0828 3504 W32Time - ok
20:04:37.0843 3504 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:04:38.0046 3504 Wanarp - ok
20:04:38.0140 3504 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:04:38.0203 3504 Wdf01000 - ok
20:04:38.0218 3504 WDICA - ok
20:04:38.0250 3504 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:04:38.0468 3504 wdmaud - ok
20:04:38.0531 3504 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:04:38.0750 3504 WebClient - ok
20:04:38.0859 3504 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:04:39.0062 3504 winmgmt - ok
20:04:39.0140 3504 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
20:04:39.0171 3504 WmdmPmSN - ok
20:04:39.0218 3504 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:04:39.0437 3504 WmiApSrv - ok
20:04:39.0515 3504 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:04:39.0546 3504 WpdUsb - ok
20:04:39.0593 3504 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:04:39.0796 3504 wscsvc - ok
20:04:39.0859 3504 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:04:40.0062 3504 WSTCODEC - ok
20:04:40.0078 3504 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:04:40.0296 3504 wuauserv - ok
20:04:40.0390 3504 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:04:40.0609 3504 WZCSVC - ok
20:04:40.0687 3504 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:04:40.0890 3504 xmlprov - ok
20:04:40.0953 3504 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
20:04:41.0062 3504 ZTEusbmdm6k - ok
20:04:41.0093 3504 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
20:04:41.0140 3504 ZTEusbnmea - ok
20:04:41.0156 3504 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
20:04:41.0187 3504 ZTEusbser6k - ok
20:04:41.0234 3504 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
20:04:42.0062 3504 \Device\Harddisk0\DR0 - ok
20:04:42.0078 3504 Boot (0x1200) (412e605d63c78dbd70ccbb277e9ec288) \Device\Harddisk0\DR0\Partition0
20:04:42.0093 3504 \Device\Harddisk0\DR0\Partition0 - ok
20:04:42.0109 3504 Boot (0x1200) (57eed6c3a17f27569b640362533df957) \Device\Harddisk0\DR0\Partition1
20:04:42.0109 3504 \Device\Harddisk0\DR0\Partition1 - ok
20:04:42.0109 3504 ============================================================
20:04:42.0109 3504 Scan finished
20:04:42.0109 3504 ============================================================
20:04:42.0234 3448 Detected object count: 3
20:04:42.0234 3448 Actual detected object count: 3
20:09:41.0046 3448 ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:41.0046 3448 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:41.0046 3448 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:41.0046 3448 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:41.0046 3448 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:41.0046 3448 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:09:47.0062 1628 ============================================================
20:09:47.0062 1628 Scan started
20:09:47.0062 1628 Mode: Manual; SigCheck; TDLFS;
20:09:47.0062 1628 ============================================================
20:09:47.0500 1628 Abiosdsk - ok
20:09:47.0515 1628 abp480n5 - ok
20:09:47.0562 1628 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:09:47.0859 1628 ACPI - ok
20:09:47.0921 1628 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:09:48.0140 1628 ACPIEC - ok
20:09:48.0140 1628 adpu160m - ok
20:09:48.0218 1628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:09:48.0421 1628 aec - ok
20:09:48.0484 1628 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:09:48.0531 1628 AFD - ok
20:09:48.0531 1628 Aha154x - ok
20:09:48.0546 1628 aic78u2 - ok
20:09:48.0562 1628 aic78xx - ok
20:09:48.0578 1628 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
20:09:48.0796 1628 Alerter - ok
20:09:48.0828 1628 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
20:09:48.0937 1628 ALG - ok
20:09:48.0953 1628 AliIde - ok
20:09:48.0953 1628 amsint - ok
20:09:48.0968 1628 AppMgmt - ok
20:09:49.0015 1628 ASAPIW2k (875f9079cabee679d34b49e466b61701) C:\WINDOWS\system32\drivers\ASAPIW2k.sys
20:09:49.0046 1628 ASAPIW2k ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0046 1628 ASAPIW2k - detected UnsignedFile.Multi.Generic (1)
20:09:49.0046 1628 asc - ok
20:09:49.0062 1628 asc3350p - ok
20:09:49.0062 1628 asc3550 - ok
20:09:49.0171 1628 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:09:49.0187 1628 aspnet_state - ok
20:09:49.0234 1628 AsusACPI (784fcb197f9a50a419d8ce4980655ae4) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
20:09:49.0281 1628 AsusACPI - ok
20:09:49.0312 1628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:09:49.0515 1628 AsyncMac - ok
20:09:49.0593 1628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:09:49.0812 1628 atapi - ok
20:09:49.0812 1628 Atdisk - ok
20:09:49.0875 1628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:09:50.0062 1628 Atmarpc - ok
20:09:50.0109 1628 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
20:09:50.0312 1628 AudioSrv - ok
20:09:50.0359 1628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:09:50.0546 1628 audstub - ok
20:09:50.0718 1628 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
20:09:50.0750 1628 AVG Security Toolbar Service - ok
20:09:51.0125 1628 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Programme\AVG\AVG2012\avgidsagent.exe
20:09:51.0421 1628 AVGIDSAgent - ok
20:09:51.0578 1628 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
20:09:51.0609 1628 AVGIDSDriver - ok
20:09:51.0640 1628 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
20:09:51.0656 1628 AVGIDSFilter - ok
20:09:51.0687 1628 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
20:09:51.0703 1628 AVGIDSHX - ok
20:09:51.0718 1628 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
20:09:51.0734 1628 AVGIDSShim - ok
20:09:51.0765 1628 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:09:51.0796 1628 Avgldx86 - ok
20:09:51.0812 1628 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:09:51.0843 1628 Avgmfx86 - ok
20:09:51.0843 1628 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:09:51.0875 1628 Avgrkx86 - ok
20:09:51.0921 1628 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:09:51.0953 1628 Avgtdix - ok
20:09:52.0078 1628 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Programme\AVG\AVG2012\avgwdsvc.exe
20:09:52.0109 1628 avgwd - ok
20:09:52.0140 1628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:09:52.0359 1628 Beep - ok
20:09:52.0406 1628 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
20:09:52.0609 1628 BITS - ok
20:09:52.0687 1628 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
20:09:52.0890 1628 Browser - ok
20:09:52.0984 1628 btaudio (faba1418646a2b433c0bded6ff92d2fa) C:\WINDOWS\system32\drivers\btaudio.sys
20:09:53.0031 1628 btaudio - ok
20:09:53.0078 1628 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
20:09:53.0093 1628 BTDriver - ok
20:09:53.0171 1628 BTKRNL (aef038061bc1cafb4865d43a85beb1a1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:09:53.0234 1628 BTKRNL - ok
20:09:53.0312 1628 btwdins (f20629ff9ed48efa98fdc5d99919e8c0) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
20:09:53.0359 1628 btwdins - ok
20:09:53.0390 1628 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:09:53.0421 1628 BTWDNDIS - ok
20:09:53.0437 1628 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
20:09:53.0453 1628 btwhid - ok
20:09:53.0484 1628 BTWUSB (179a37c86fd2b9cc28eb93d093d394c7) C:\WINDOWS\system32\Drivers\btwusb.sys
20:09:53.0515 1628 BTWUSB - ok
20:09:53.0546 1628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:09:53.0734 1628 cbidf2k - ok
20:09:53.0812 1628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:09:54.0000 1628 CCDECODE - ok
20:09:54.0015 1628 cd20xrnt - ok
20:09:54.0078 1628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:09:54.0281 1628 Cdaudio - ok
20:09:54.0359 1628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:09:54.0562 1628 Cdfs - ok
20:09:54.0625 1628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:54.0843 1628 Cdrom - ok
20:09:54.0843 1628 Changer - ok
20:09:54.0921 1628 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
20:09:55.0125 1628 CiSvc - ok
20:09:55.0140 1628 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
20:09:55.0328 1628 ClipSrv - ok
20:09:55.0421 1628 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:55.0437 1628 clr_optimization_v2.0.50727_32 - ok
20:09:55.0484 1628 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:09:55.0687 1628 CmBatt - ok
20:09:55.0687 1628 CmdIde - ok
20:09:55.0750 1628 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:09:55.0968 1628 Compbatt - ok
20:09:55.0968 1628 COMSysApp - ok
20:09:55.0984 1628 Cpqarray - ok
20:09:56.0250 1628 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
20:09:56.0484 1628 CryptSvc - ok
20:09:56.0484 1628 dac2w2k - ok
20:09:56.0500 1628 dac960nt - ok
20:09:56.0578 1628 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:09:56.0640 1628 DcomLaunch - ok
20:09:56.0687 1628 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
20:09:56.0875 1628 Dhcp - ok
20:09:56.0953 1628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:57.0171 1628 Disk - ok
20:09:57.0171 1628 dmadmin - ok
20:09:57.0296 1628 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:57.0500 1628 dmboot - ok
20:09:57.0578 1628 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:09:57.0765 1628 dmio - ok
20:09:57.0812 1628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:58.0000 1628 dmload - ok
20:09:58.0078 1628 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
20:09:58.0265 1628 dmserver - ok
20:09:58.0343 1628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:58.0562 1628 DMusic - ok
20:09:58.0625 1628 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
20:09:58.0671 1628 Dnscache - ok
20:09:58.0703 1628 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
20:09:58.0906 1628 Dot3svc - ok
20:09:58.0906 1628 dpti2o - ok
20:09:58.0984 1628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:59.0171 1628 drmkaud - ok
20:09:59.0234 1628 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
20:09:59.0437 1628 EapHost - ok
20:09:59.0500 1628 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
20:09:59.0718 1628 ERSvc - ok
20:09:59.0781 1628 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:09:59.0812 1628 Eventlog - ok
20:09:59.0859 1628 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
20:09:59.0890 1628 EventSystem - ok
20:09:59.0937 1628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:10:00.0125 1628 Fastfat - ok
20:10:00.0171 1628 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:10:00.0218 1628 FastUserSwitchingCompatibility - ok
20:10:00.0234 1628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:10:00.0437 1628 Fdc - ok
20:10:00.0484 1628 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:10:00.0671 1628 Fips - ok
20:10:00.0734 1628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:10:00.0937 1628 Flpydisk - ok
20:10:01.0015 1628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:10:01.0218 1628 FltMgr - ok
20:10:01.0468 1628 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:10:01.0562 1628 FontCache3.0.0.0 - ok
20:10:01.0593 1628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:10:01.0812 1628 Fs_Rec - ok
20:10:01.0890 1628 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:10:02.0078 1628 Ftdisk - ok
20:10:02.0187 1628 getPlusHelper (fd7e9aba274df75e08320420b8e9a1d5) C:\Programme\NOS\bin\getPlus_Helper.dll
20:10:02.0218 1628 getPlusHelper - ok
20:10:02.0265 1628 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:10:02.0281 1628 ggflt - ok
20:10:02.0328 1628 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:10:02.0343 1628 ggsemc - ok
20:10:02.0390 1628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:10:02.0609 1628 Gpc - ok
20:10:02.0718 1628 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
20:10:02.0750 1628 gupdate - ok
20:10:02.0750 1628 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
20:10:02.0781 1628 gupdatem - ok
20:10:02.0828 1628 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:10:03.0015 1628 HDAudBus - ok
20:10:03.0125 1628 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:10:03.0343 1628 helpsvc - ok
20:10:03.0390 1628 HidServ (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
20:10:03.0578 1628 HidServ - ok
20:10:03.0640 1628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:10:03.0828 1628 HidUsb - ok
20:10:03.0890 1628 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
20:10:04.0078 1628 hkmsvc - ok
20:10:04.0093 1628 hpn - ok
20:10:04.0171 1628 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:10:04.0234 1628 HPZid412 - ok
20:10:04.0250 1628 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:10:04.0296 1628 HPZipr12 - ok
20:10:04.0312 1628 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:10:04.0375 1628 HPZius12 - ok
20:10:04.0421 1628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:10:04.0468 1628 HTTP - ok
20:10:04.0484 1628 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
20:10:04.0703 1628 HTTPFilter - ok
20:10:04.0796 1628 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
20:10:04.0843 1628 hwdatacard - ok
20:10:04.0859 1628 i2omgmt - ok
20:10:04.0875 1628 i2omp - ok
20:10:04.0906 1628 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:10:05.0093 1628 i8042prt - ok
20:10:05.0484 1628 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:10:05.0750 1628 ialm - ok
20:10:05.0937 1628 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:10:06.0000 1628 idsvc - ok
20:10:06.0125 1628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:10:06.0328 1628 Imapi - ok
20:10:06.0390 1628 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
20:10:06.0578 1628 ImapiService - ok
20:10:06.0593 1628 ini910u - ok
20:10:07.0109 1628 IntcAzAudAddService (47c79f7e330cbb829934d00f64d55fc9) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:10:07.0390 1628 IntcAzAudAddService - ok
20:10:07.0500 1628 IntelIde - ok
20:10:07.0531 1628 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:10:07.0734 1628 intelppm - ok
20:10:07.0796 1628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:10:08.0000 1628 Ip6Fw - ok
20:10:08.0062 1628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:10:08.0265 1628 IpFilterDriver - ok
20:10:08.0265 1628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:10:08.0468 1628 IpInIp - ok
20:10:08.0546 1628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:10:08.0765 1628 IpNat - ok
20:10:08.0843 1628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:10:09.0046 1628 IPSec - ok
20:10:09.0109 1628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:10:09.0218 1628 IRENUM - ok
20:10:09.0250 1628 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:10:09.0468 1628 isapnp - ok
20:10:09.0593 1628 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
20:10:09.0625 1628 IviRegMgr - ok
20:10:09.0750 1628 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
20:10:09.0781 1628 JavaQuickStarterService - ok
20:10:09.0812 1628 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:10:10.0015 1628 Kbdclass - ok
20:10:10.0093 1628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:10:10.0328 1628 kmixer - ok
20:10:10.0390 1628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:10:10.0437 1628 KSecDD - ok
20:10:10.0468 1628 Ktp (9ea9d6ba04629cb14260f46ff8bbd65a) C:\WINDOWS\system32\DRIVERS\ETD.sys
20:10:10.0515 1628 Ktp - ok
20:10:10.0562 1628 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
20:10:10.0578 1628 L1e - ok
20:10:10.0625 1628 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
20:10:10.0671 1628 LanmanServer - ok
20:10:10.0703 1628 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
20:10:10.0750 1628 lanmanworkstation - ok
20:10:10.0750 1628 lbrtfdc - ok
20:10:10.0796 1628 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
20:10:11.0000 1628 LmHosts - ok
20:10:11.0046 1628 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\WINDOWS\system32\drivers\massfilter.sys
20:10:11.0093 1628 massfilter - ok
20:10:11.0171 1628 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
20:10:11.0203 1628 McComponentHostService - ok
20:10:11.0234 1628 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
20:10:11.0437 1628 Messenger - ok
20:10:11.0500 1628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:10:11.0687 1628 mnmdd - ok
20:10:11.0765 1628 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
20:10:12.0078 1628 mnmsrvc - ok
20:10:12.0109 1628 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:10:12.0296 1628 Modem - ok
20:10:12.0359 1628 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:10:12.0546 1628 Mouclass - ok
20:10:12.0625 1628 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:10:12.0796 1628 mouhid - ok
20:10:12.0875 1628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:10:13.0062 1628 MountMgr - ok
20:10:13.0156 1628 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:10:13.0187 1628 MozillaMaintenance - ok
20:10:13.0234 1628 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:10:13.0421 1628 MPE - ok
20:10:13.0437 1628 mraid35x - ok
20:10:13.0515 1628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:10:13.0718 1628 MRxDAV - ok
20:10:13.0812 1628 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:10:13.0875 1628 MRxSmb - ok
20:10:13.0890 1628 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
20:10:14.0093 1628 MSDTC - ok
20:10:14.0171 1628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:10:14.0375 1628 Msfs - ok
20:10:14.0375 1628 MSIServer - ok
20:10:14.0421 1628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:10:14.0609 1628 MSKSSRV - ok
20:10:14.0671 1628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:10:14.0859 1628 MSPCLOCK - ok
20:10:14.0906 1628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:10:15.0109 1628 MSPQM - ok
20:10:15.0140 1628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:10:15.0343 1628 mssmbios - ok
20:10:15.0359 1628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:10:15.0562 1628 MSTEE - ok
20:10:15.0625 1628 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:10:15.0656 1628 Mup - ok
20:10:15.0687 1628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:10:15.0875 1628 NABTSFEC - ok
20:10:15.0953 1628 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:10:16.0156 1628 napagent - ok
20:10:16.0234 1628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:10:16.0453 1628 NDIS - ok
20:10:16.0515 1628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:10:16.0687 1628 NdisIP - ok
20:10:16.0765 1628 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:10:16.0796 1628 NdisTapi - ok
20:10:16.0828 1628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:10:17.0031 1628 Ndisuio - ok
20:10:17.0171 1628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:10:17.0390 1628 NdisWan - ok
20:10:17.0484 1628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:10:17.0531 1628 NDProxy - ok
20:10:17.0687 1628 Nero BackItUp Scheduler 3 (5aa05f5ca4c6d3b5ec2ce1cdf6736270) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
20:10:17.0750 1628 Nero BackItUp Scheduler 3 - ok
20:10:17.0796 1628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:10:17.0984 1628 NetBIOS - ok
20:10:18.0062 1628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:10:18.0265 1628 NetBT - ok
20:10:18.0343 1628 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:10:18.0531 1628 NetDDE - ok
20:10:18.0531 1628 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:10:18.0734 1628 NetDDEdsdm - ok
20:10:18.0796 1628 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:10:19.0000 1628 Netlogon - ok
20:10:19.0093 1628 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:10:19.0281 1628 Netman - ok
20:10:19.0421 1628 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:19.0453 1628 NetTcpPortSharing - ok
20:10:19.0515 1628 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:10:19.0562 1628 Nla - ok
20:10:19.0609 1628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:10:19.0781 1628 Npfs - ok
20:10:19.0875 1628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:10:20.0109 1628 Ntfs - ok
20:10:20.0125 1628 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:10:20.0312 1628 NtLmSsp - ok
20:10:20.0375 1628 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:10:20.0578 1628 NtmsSvc - ok
20:10:20.0640 1628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:10:20.0828 1628 Null - ok
20:10:20.0890 1628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:10:21.0109 1628 NwlnkFlt - ok
20:10:21.0109 1628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:10:21.0296 1628 NwlnkFwd - ok
20:10:21.0453 1628 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
20:10:21.0484 1628 odserv - ok
20:10:21.0531 1628 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:10:21.0562 1628 ose - ok
20:10:21.0609 1628 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:10:21.0828 1628 Parport - ok
20:10:21.0906 1628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:10:22.0093 1628 PartMgr - ok
20:10:22.0156 1628 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:10:22.0656 1628 ParVdm - ok
20:10:22.0703 1628 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:10:22.0890 1628 PCI - ok
20:10:22.0890 1628 PCIDump - ok
20:10:22.0984 1628 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:10:23.0171 1628 PCIIde - ok
20:10:23.0234 1628 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:10:23.0421 1628 Pcmcia - ok
20:10:23.0437 1628 PDCOMP - ok
20:10:23.0437 1628 PDFRAME - ok
20:10:23.0453 1628 PDRELI - ok
20:10:23.0468 1628 PDRFRAME - ok
20:10:23.0468 1628 perc2 - ok
20:10:23.0484 1628 perc2hib - ok
20:10:23.0578 1628 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\WINDOWS\system32\IoctlSvc.exe
20:10:23.0578 1628 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:10:23.0578 1628 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:10:23.0625 1628 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:10:23.0656 1628 PlugPlay - ok
20:10:23.0703 1628 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
20:10:23.0781 1628 Pml Driver HPZ12 - ok
20:10:23.0828 1628 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:10:24.0015 1628 PolicyAgent - ok
20:10:24.0093 1628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:10:24.0312 1628 PptpMiniport - ok
20:10:24.0328 1628 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:10:24.0515 1628 ProtectedStorage - ok
20:10:24.0531 1628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:10:24.0718 1628 PSched - ok
20:10:24.0781 1628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:10:24.0984 1628 Ptilink - ok
20:10:25.0046 1628 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:10:25.0078 1628 PxHelp20 - ok
20:10:25.0093 1628 ql1080 - ok
20:10:25.0093 1628 Ql10wnt - ok
20:10:25.0109 1628 ql12160 - ok
20:10:25.0109 1628 ql1240 - ok
20:10:25.0125 1628 ql1280 - ok
20:10:25.0156 1628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:10:25.0359 1628 RasAcd - ok
20:10:25.0406 1628 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:10:25.0593 1628 RasAuto - ok
20:10:25.0640 1628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:10:25.0843 1628 Rasl2tp - ok
20:10:25.0921 1628 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:10:26.0109 1628 RasMan - ok
20:10:26.0156 1628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:10:26.0343 1628 RasPppoe - ok
20:10:26.0390 1628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:10:26.0593 1628 Raspti - ok
20:10:26.0671 1628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:10:26.0859 1628 Rdbss - ok
20:10:26.0906 1628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:10:27.0109 1628 RDPCDD - ok
20:10:27.0187 1628 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:10:27.0218 1628 RDPWD - ok
20:10:27.0265 1628 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:10:27.0453 1628 RDSessMgr - ok
20:10:27.0531 1628 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:10:27.0859 1628 redbook - ok
20:10:27.0890 1628 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:10:28.0093 1628 RemoteAccess - ok
20:10:28.0140 1628 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
20:10:28.0343 1628 RpcLocator - ok
20:10:28.0406 1628 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:10:28.0453 1628 RpcSs - ok
20:10:28.0484 1628 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
20:10:28.0671 1628 RSVP - ok
20:10:28.0781 1628 RT80x86 (162d6aee49372b9ce17c418cc5cde7b5) C:\WINDOWS\system32\DRIVERS\RT2860.sys
20:10:28.0843 1628 RT80x86 - ok
20:10:28.0890 1628 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:10:29.0078 1628 SamSs - ok
20:10:29.0140 1628 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:10:29.0343 1628 SCardSvr - ok
20:10:29.0390 1628 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:10:29.0593 1628 Schedule - ok
20:10:29.0640 1628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:10:29.0734 1628 Secdrv - ok
20:10:29.0765 1628 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:10:29.0968 1628 seclogon - ok
20:10:30.0015 1628 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:10:30.0203 1628 SENS - ok
20:10:30.0265 1628 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:10:30.0468 1628 Serial - ok
20:10:30.0531 1628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:10:30.0734 1628 Sfloppy - ok
20:10:30.0828 1628 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:10:31.0015 1628 SharedAccess - ok
20:10:31.0093 1628 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:10:31.0125 1628 ShellHWDetection - ok
20:10:31.0140 1628 Simbad - ok
20:10:31.0171 1628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:10:31.0375 1628 SLIP - ok
20:10:31.0375 1628 Sparrow - ok
20:10:31.0437 1628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:10:31.0625 1628 splitter - ok
20:10:31.0687 1628 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:10:31.0718 1628 Spooler - ok
20:10:31.0765 1628 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:10:31.0875 1628 sr - ok
20:10:31.0906 1628 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
20:10:32.0000 1628 srservice - ok
20:10:32.0078 1628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:10:32.0109 1628 Srv - ok
20:10:32.0156 1628 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:10:32.0265 1628 SSDPSRV - ok
20:10:32.0312 1628 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:10:32.0515 1628 stisvc - ok
20:10:32.0578 1628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:10:32.0765 1628 streamip - ok
20:10:32.0828 1628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:10:33.0062 1628 swenum - ok
20:10:33.0093 1628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:10:33.0296 1628 swmidi - ok
20:10:33.0296 1628 SwPrv - ok
20:10:33.0312 1628 symc810 - ok
20:10:33.0328 1628 symc8xx - ok
20:10:33.0328 1628 sym_hi - ok
20:10:33.0343 1628 sym_u3 - ok
20:10:33.0359 1628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:10:33.0546 1628 sysaudio - ok
20:10:33.0625 1628 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:10:33.0812 1628 SysmonLog - ok
20:10:33.0906 1628 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:10:34.0109 1628 TapiSrv - ok
20:10:34.0203 1628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:10:34.0250 1628 Tcpip - ok
20:10:34.0281 1628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:10:34.0484 1628 TDPIPE - ok
20:10:34.0484 1628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:10:34.0718 1628 TDTCP - ok
20:10:34.0796 1628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:10:34.0968 1628 TermDD - ok
20:10:35.0062 1628 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:10:35.0281 1628 TermService - ok
20:10:35.0343 1628 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:10:35.0375 1628 Themes - ok
20:10:35.0375 1628 TosIde - ok
20:10:35.0437 1628 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:10:35.0640 1628 TrkWks - ok
20:10:35.0718 1628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:10:35.0906 1628 Udfs - ok
20:10:36.0031 1628 UI Assistant Service (a447361e6156afef47a42ae9e89b2bb3) C:\Programme\Join Air\AssistantServices.exe
20:10:36.0046 1628 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
20:10:36.0046 1628 UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
20:10:36.0046 1628 ultra - ok
20:10:36.0093 1628 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
20:10:36.0109 1628 UMWdf - ok
20:10:36.0171 1628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:10:36.0406 1628 Update - ok
20:10:36.0484 1628 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:10:36.0609 1628 upnphost - ok
20:10:36.0625 1628 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:10:36.0812 1628 UPS - ok
20:10:36.0890 1628 USB28xxBGA (21f3c6673e57023125504719a7f3ee6e) C:\WINDOWS\system32\DRIVERS\emBDA.sys
20:10:36.0921 1628 USB28xxBGA - ok
20:10:36.0937 1628 USB28xxOEM (990771ceac1cd7e398b3d27c6fbd3c02) C:\WINDOWS\system32\DRIVERS\emOEM.sys
20:10:36.0968 1628 USB28xxOEM - ok
20:10:37.0000 1628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:10:37.0203 1628 usbccgp - ok
20:10:37.0265 1628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:10:37.0453 1628 usbehci - ok
20:10:37.0515 1628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:10:37.0703 1628 usbhub - ok
20:10:37.0765 1628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:10:37.0968 1628 usbprint - ok
20:10:38.0062 1628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:10:38.0265 1628 usbscan - ok
20:10:38.0312 1628 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:10:38.0515 1628 usbstor - ok
20:10:38.0578 1628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:10:38.0765 1628 usbuhci - ok
20:10:38.0843 1628 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:10:39.0031 1628 usbvideo - ok
20:10:39.0109 1628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:10:39.0281 1628 VgaSave - ok
20:10:39.0296 1628 ViaIde - ok
20:10:39.0375 1628 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:10:39.0562 1628 VolSnap - ok
20:10:39.0656 1628 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:10:39.0765 1628 VSS - ok
20:10:39.0828 1628 vToolbarUpdater11.2.0 - ok
20:10:39.0890 1628 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
20:10:40.0078 1628 W32Time - ok
20:10:40.0140 1628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:10:40.0343 1628 Wanarp - ok
20:10:40.0421 1628 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:10:40.0468 1628 Wdf01000 - ok
20:10:40.0484 1628 WDICA - ok
20:10:40.0515 1628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:10:40.0718 1628 wdmaud - ok
20:10:40.0781 1628 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:10:40.0968 1628 WebClient - ok
20:10:41.0078 1628 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:10:41.0281 1628 winmgmt - ok
20:10:41.0343 1628 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
20:10:41.0375 1628 WmdmPmSN - ok
20:10:41.0406 1628 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:10:41.0609 1628 WmiApSrv - ok
20:10:41.0671 1628 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:10:41.0703 1628 WpdUsb - ok
20:10:41.0734 1628 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:10:41.0953 1628 wscsvc - ok
20:10:42.0015 1628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:10:42.0203 1628 WSTCODEC - ok
20:10:42.0265 1628 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:10:42.0468 1628 wuauserv - ok
20:10:42.0578 1628 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:10:42.0765 1628 WZCSVC - ok
20:10:42.0843 1628 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:10:43.0031 1628 xmlprov - ok
20:10:43.0093 1628 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
20:10:43.0140 1628 ZTEusbmdm6k - ok
20:10:43.0156 1628 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
20:10:43.0187 1628 ZTEusbnmea - ok
20:10:43.0203 1628 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
20:10:43.0234 1628 ZTEusbser6k - ok
20:10:43.0265 1628 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
20:10:44.0265 1628 \Device\Harddisk0\DR0 - ok
20:10:44.0296 1628 Boot (0x1200) (412e605d63c78dbd70ccbb277e9ec288) \Device\Harddisk0\DR0\Partition0
20:10:44.0296 1628 \Device\Harddisk0\DR0\Partition0 - ok
20:10:44.0328 1628 Boot (0x1200) (57eed6c3a17f27569b640362533df957) \Device\Harddisk0\DR0\Partition1
20:10:44.0328 1628 \Device\Harddisk0\DR0\Partition1 - ok
20:10:44.0328 1628 ============================================================
20:10:44.0328 1628 Scan finished
20:10:44.0328 1628 ============================================================
20:10:44.0343 1624 Detected object count: 3
20:10:44.0343 1624 Actual detected object count: 3
20:11:02.0609 1624 ASAPIW2k ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:02.0609 1624 ASAPIW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:02.0609 1624 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:02.0609 1624 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:02.0625 1624 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:02.0625 1624 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:21.0312 1644 Deinitialize success
hanglooser |
|
26.07.2012, 12:36
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im Autostart Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.08.2012, 16:40
| #21 |
| | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne, sorry dass Du von mir so lange nichts gehört hast. Mein Urlaub ist mir dazwischen gekommen. Ich hatte das Netbook mitgenommen, aber leider hat es an einer stabilen und sicheren Internetverbindung gemangelt. Hier also die Combofix Logdatei: Combofix Logfile: Code:
ATTFilter ComboFix 12-08-13.01 - ***** 14.08.2012 17:10:50.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1015.580 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\*****\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\que\notifyq.dqueue
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\que\notifyq.lqueue
c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SmartFax\Settings.xml
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SoftPhone\CurrentLog.txt
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SoftPhone\QuickDial.xml
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientHistory.xml
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SoftPhone\SipClientSettings.xml
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SoftPhone\SipLog.cdb
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\1&1 SoftPhone\SipLog.lck
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\Common\Contacts.cdb
c:\dokumente und einstellungen\*****\Anwendungsdaten\1&1\Common\Contacts.lck
c:\dokumente und einstellungen\*****\WINDOWS
c:\windows\system32\10017
c:\windows\system32\10017\components\AcroFF.txt
c:\windows\system32\10018
c:\windows\system32\10018\chrome.manifest
c:\windows\system32\10018\components\AcroFF.txt
c:\windows\system32\10018\install.rdf
c:\windows\system32\Cache
c:\windows\system32\Cache\1fdc89b76d1a2502.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\de80e9109be6b5ce.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\eac4ee23102048c5.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fb28e369c7147a35.fb
c:\windows\system32\kock
c:\windows\system32\UAs
c:\windows\system32\UAs\iexplore.exe_UAs001.dat
c:\windows\system32\UAs\iexplore.exe_UAs002.dat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-14 bis 2012-08-14 ))))))))))))))))))))))))))))))
.
.
2012-07-25 11:11 . 2012-07-25 11:11 -------- d-----w- C:\_OTL
2012-07-24 20:28 . 2012-07-24 20:28 -------- d-----w- c:\windows\Internet Logs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:46 . 2012-07-13 14:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:55 . 2008-07-08 13:59 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-07-08 13:58 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-07-08 13:58 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-08 13:59 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-07-10 18:04 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-07-10 18:04 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-07-10 17:51 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-07-10 17:51 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-07-10 17:51 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-07-10 18:04 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-07-10 18:04 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-07-10 17:51 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-07-10 17:51 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-08 13:58 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-07-10 18:04 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-07-10 17:51 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-07-10 17:51 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2008-10-22 20:10 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2008-10-22 20:10 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2008-10-22 20:10 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-07-08 13:58 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 09:56 . 2012-05-18 09:57 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-05-18 09:56 . 2012-05-18 09:57 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-05-18 09:56 . 2012-05-18 09:57 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2008-05-07 14:34 . 2010-07-10 18:31 15523560 ----a-w- c:\programme\U1 Setup.exe
2012-07-20 18:14 . 2011-08-24 17:24 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\programme\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\programme\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\programme\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"ETDWare"="c:\programme\Elantech\ETDCtrl.exe" [2008-07-23 335872]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-09-24 198160]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]
"UIExec"="c:\programme\Join Air\UIExec.exe" [2009-08-31 132608]
"AVG_TRAY"="c:\programme\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\*****\Startmenü\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SuperHybridEngine.lnk - c:\programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-7-10 303104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Readon Technology\\Readon TV Movie Radio Player 7.2.0.0\\internettv.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.04.2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.01.2011 04:32 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.01.2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.02.2011 07:54 301248]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG2012\avgwdsvc.exe [14.02.2012 04:53 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 13:32 17232]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [10.07.2010 20:14 625024]
S2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG2012\avgidsagent.exe [04.07.2012 17:25 5160568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.03.2012 03:04 135664]
S2 UI Assistant Service;UI Assistant Service;c:\programme\Join Air\AssistantServices.exe [16.02.2010 11:06 241664]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe --> c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [09.05.2011 20:48 167264]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.05.2012 11:57 13224]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [12.03.2012 03:04 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.02.2010 11:06 9728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [13.05.2012 21:32 113120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-03-12 01:03]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-03-12 01:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: In 1&&1 SoftPhone wählen - c:\dokumente und einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\*****\Anwendungsdaten\Mozilla\Firefox\Profiles\sxwon4km.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd4432583-cc7c-47a9-8a3e-5b4af92680bf%7D&mid=59fd019ff9f7181cc501c982a1fc7cd6-7cceb60287906c49fc53f5bf8eef2588b4d7b669&ds=AVG&v=10.2.0.3&lang=de&pr=fr&d=2011-12-08%2011%3A18%3A41&sap=ku&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LightScribe Control Panel - c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
HKLM-Run-vProt - c:\programme\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_dec12 - c:\programme\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
AddRemove-Adobe Digital Editions - c:\dokumente und einstellungen\*****\anwendungsdaten\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-14 17:18
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-08-14 17:21:13
ComboFix-quarantined-files.txt 2012-08-14 15:21
.
Vor Suchlauf: 10 Verzeichnis(se), 32.169.054.208 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 33.849.237.504 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B34574F52DFDB200DD27B774A95FD2F7
[/code] Viele Grüße, hanglooser |
|
14.08.2012, 17:08
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im Autostart Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.08.2012, 15:02
| #23 |
| | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne, ich habe alle 3 Scans in der vorgegebebenen Reihenfolge ausgeführt! hier also die Logfildes: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-15 15:06:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160827AS rev.3.AAA
Running: yx126wqn.exe; Driver: C:\DOKUME~1\Matthias\LOKALE~1\Temp\pxtdypoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA9D2A004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA9D2A0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA9D29D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA9D29E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA9D29EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA9D29F56]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:25:12 on 15.08.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASAPIW2K" (ASAPIW2k) - "VOB Computersysteme GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys "AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys "AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys "AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys "AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys "AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys "AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys "AVGIDSHX" (AVGIDSHX) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\avgidshx.sys "AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys "catchme" (catchme) - ? - C:\DOKUME~1\*****\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgpp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgse.dll {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL {6B6D6277-1327-4b55-BF6E-DCCB37C406A3} "CJukeMenuExt Object" - "WoLoSoft International" - C:\Programme\WoLoSoft\Juke\JukeExt.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {d6044399-0b9e-4084-a9ac-c4b7c7800fcf} "Eee Storage" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgdtiex.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL {77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} "AVG Do Not Track" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgdtiex.dll {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgssie.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - c:\program files\real\realplayer\rpbrowserrecordplugin.dll {22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "SuperHybridEngine.lnk" - "ASUSTeK Computer Inc." - C:\Programme\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "AsusACPIServer" - "ASUSTeK Computer Inc." - C:\Programme\EeePC\ACPI\AsAcpiSvr.exe "AsusEPCMonitor" - "ASUSTeK Computer Inc." - C:\Programme\EeePC\ACPI\AsEPCMon.exe "AsusTray" - "ASUSTeK Computer Inc." - C:\Programme\EeePC\ACPI\AsTray.exe "AVG_TRAY" - "AVG Technologies CZ, s.r.o." - "C:\Programme\AVG\AVG2012\avgtray.exe" "DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "ETDWare" - "ELANTECH Devices Corp." - C:\Programme\Elantech\ETDCtrl.exe "HP Software Update" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "NBKeyScan" - "Nero AG" - "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe "PinnacleDriverCheck" - ? - C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot "UIExec" - ? - "C:\Programme\Join Air\UIExec.exe" (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "1und1 Fax Monitor" - "1&1 Internet AG" - C:\WINDOWS\system32\UI1&1MON.DLL "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe "AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgwdsvc.exe "AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG2012\avgidsagent.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe "getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\Join Air\AssistantServices.exe (File found, but it contains no detailed information) "vToolbarUpdater11.2.0" (vToolbarUpdater11.2.0) - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe (File not found) "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 15:30:07
-----------------------------
15:30:07.328 OS Version: Windows 5.1.2600 Service Pack 3
15:30:07.328 Number of processors: 2 586 0x1C02
15:30:07.328 ComputerName: ***** UserName:
15:30:08.125 Initialize success
15:41:52.640 AVAST engine defs: 12081501
15:42:05.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:42:05.343 Disk 0 Vendor: ST9160827AS 3.AAA Size: 152627MB BusType: 3
15:42:05.359 Disk 0 MBR read successfully
15:42:05.359 Disk 0 MBR scan
15:42:05.406 Disk 0 Windows XP default MBR code
15:42:05.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81933 MB offset 63
15:42:05.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70653 MB offset 167798925
15:42:05.453 Disk 0 Partition 3 00 EF EFI FAT B_ 39 MB offset 312496380
15:42:05.468 Disk 0 scanning sectors +312576705
15:42:05.546 Disk 0 scanning C:\WINDOWS\system32\drivers
15:42:17.140 Service scanning
15:42:40.750 Modules scanning
15:43:11.453 Disk 0 trace - called modules:
15:43:11.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:43:11.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86be7548]
15:43:11.484 3 CLASSPNP.SYS[f7608fd7] -> nt!IofCallDriver -> \Device\00000069[0x86bc89e8]
15:43:11.484 5 ACPI.sys[f749e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b75d98]
15:43:12.000 AVAST engine scan C:\WINDOWS
15:43:37.015 AVAST engine scan C:\WINDOWS\system32
15:47:15.281 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:33.281 AVAST engine scan C:\Dokumente und Einstellungen\*****
15:53:13.187 AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:55:56.796 Scan finished successfully
15:56:15.406 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\MBR.dat"
15:56:15.421 The log file has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\aswMBR.txt"
hanglooser |
|
15.08.2012, 20:30
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im Autostart Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.08.2012, 17:05
| #25 |
| | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne, nach dem Scan von Malware war ich ja noch zuversichtlich... hier also die beiden Scanlogs: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.16.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Matthias :: ZEUS [Administrator] 16.08.2012 13:03:25 mbam-log-2012-08-16 (13-03-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 364791 Laufzeit: 1 Stunde(n), 39 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 08/16/2012 at 05:48 PM
Application Version : 5.5.1012
Core Rules Database Version : 9068
Trace Rules Database Version: 6880
Scan type : Complete Scan
Total Scan Time : 02:08:18
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 35340
Registry threats detected : 0
File items scanned : 117977
File threats detected : 41
Adware.Tracking Cookie
C:\DOKUMENTE UND EINSTELLUNGEN\GASTKONTO\Cookies\gastkonto@www.windowsmedia[2].txt [ Cookie:gastkonto@www.windowsmedia.com/ ]
.divx.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.im.banner.t-online.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.paypal.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.stats.paypal.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.mitfahrzentrale.de [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOKUMENTE UND EINSTELLUNGEN\*****\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9916987E-F762-4514-907A-40B8F4E905A6}\RP663\A0175702.EXE
LG hanglooser |
|
17.08.2012, 18:51
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im Autostart Sieht ok aus, da wurden nur Cookies gefunden. Und wenn überhaupt nur noch ein Überrest in der Systemwiederherstellung. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.08.2012, 20:10
| #27 |
| | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne, das hört sich ja ziemlich gut an!!! Das mit den Cookies werde ich dann mal nach Deinem Vorbild angehen und eine Linux Partition ist vielleicht auch nicht das schlechteste. Ich hatte beim letzten Neustart wieder einmal die Altbekannte Fehlermeldung: HP CUE Status hat ein Problem festgestellt und muss beendet werden Problemsignatur: AppName: hpqste08.exe AppVer: 70.0.170.0 ModName: unknown ModVer: 0.0.0.0 Offset: 00cddfb0 Ansosten läuft alles soweit problemlos :-) LG, hanglooser |
|
18.08.2012, 11:46
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im AutostartCode:
ATTFilter HP CUE Status hat ein Problem festgestellt und muss beendet werden
Problemsignatur: AppName: hpqste08.exe AppVer: 70.0.170.0 ModName: unknown
ModVer: 0.0.0.0 Offset: 00cddfb0
Wenn ja, versuch mal den gesamten Kram zu deinstallieren. Anschließend nur den reinen Treibern installieren über neuen Drucker hinzufügen - NICHT das SETUP von CD ausführen weil da immer irgendein weiterer nicht benötiger Unsinn mitinstalliert wird Ansosnten wären wir dann durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks => Adobe Flash Player Distribution | Adobe Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.08.2012, 20:27
| #29 |
| | Trojan.Banker? wpbt0.dll im Autostart Hallo Arne, ich hoffe wir haben uns nicht zu früh gefreut! Ich bin beim Aufräumen nach Deinen Anweisungen vorgegangen und habe dann auch die Windows und Java Updates durchgeführt. Habe nun folgenden Fehler nach einer Weile: jusched.exe hat ein Problem festgestellt und muss beendet werden. Problemsignatur AppName: jusched.exe AppVer: 2.0.7.1 ModName: user32.dll ModVer: 5.1.2600.5512 Offset: 000187f1 Gruß hanglooser |
|
20.08.2012, 21:36
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Banker? wpbt0.dll im Autostart Hast du die alten Java-Versionen alle vorher deinstalliert? Welches Java genau hast du jetzt nachinstalliert?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojan.Banker? wpbt0.dll im Autostart |
| .dll, 32 bit, abgebrochen, acroiehelpe.dll, administrator, anti-malware, asus, autostart, avg secure search, avg security toolbar, browser, dateien, dll, explorer, helper, heuristiks/extra, heuristiks/shuriken, laden, logfiles, malwarebytes, microsoft, modul, neue, plug-in, rundll, scan, searchscopes, secure search, service pack 3, software, speicher, super, temp, vtoolbarupdater, winxp, öffnet |
Linear-Darstellung
