Log Analysis and Evaluation: Trojan after a suspicious e-mail from a trusted source? (Windows 7)
03.08.2012, 13:22 | #1
Hello community, my girlfriend was sent the following link from her sister's e-mail account (GMX).
h**p://sundolphin.broval.ne.jp/wordpress/wp-content/plugins/zexpsuubeuo/lifenews.php?valuable208.gif
It leads to a page on which some kind of diet pills are advertised in German. First thought: bad joke, but then the thought, damn.... I have now looked around the net and found only one (for me) relevant link; since my Japanese is a bit rusty and my English is too poor for computer matters, I only searched German sites:
***.computerbase.de/forum/showtrhead.php?t=1093217
Although there are no open "problems" so far, we have stopped things like online banking etc., since there is some agitation here about whether we have caught a trojan. I carried out the suggested procedure (including defogger) and the files follow. I hope I did everything in a way that you can work with. Many thanks for your time and help!!
Regards
bakalude

OTL.txt: Quote:
Extras.txt: Quote:
Quote:
05.08.2012, 12:52 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything prematurely from the quarantine! If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. It's done like this:
[code] here is the log [/code]
And it then looks like this:
Code:
here is the log
09.08.2012, 20:39 | #3
Hello Arne,
first of all "thanks" for your reply and suggestions, and apologies for my rather late response. I hope you can do something with it, and then let's see what comes out. Have a nice evening, regards Tobias
Now the logs from malware and eset.
malware
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.09.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
*** :: *** [Administrator]

09.08.2012 17:51:10
mbam-log-2012-08-09 (17-51-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 271067
Laufzeit: 1 Stunde(n), 15 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3c8b3b33124d104a88c94c7d04374546
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 06:53:38
# local_time=2012-08-09 08:53:38 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1280 16777175 100 0 36495558 36495558 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 257 257 0 0
# scanned=81751
# found=8
# cleaned=0
# scan_time=5869
C:\autorun.inf INF/Autorun worm (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\G DATA\AVKScanner\29235f5f.rav probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\G DATA\AVKScanner\35f631ad.rav probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\G DATA\AVKScanner\9e18eeaf.rav probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\G DATA\AVKScanner\be39cbd5.rav probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\G DATA\AVKScanner\cdf75845.rav probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\G DATA\AVKScanner\dbe9e067.rav probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\autorun.inf INF/Autorun worm (unable to clean) 00000000000000000000000000000000 I
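The ESET log above reports eight findings that the scanner could not clean. As an added example (not from the forum post, not ESET's code), here is a small Python parser for this log format that cross-checks the header counters against the detection lines and groups the leftovers by folder for manual review. It assumes the on-disk log is tab-separated (path, threat with action, digest, flag); the forum collapsed those tabs to spaces when the log was posted.

```python
"""Parse an ESET Online Scanner log like the one posted in this thread.

Added example, not part of the forum post or of ESET. Assumption: the log
file ESET writes is tab-separated (path, "threat (action)", digest, flag);
the forum software collapsed those tabs to spaces when it was posted.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Findings copied from the log in post #3 (paths anonymised as posted);
# the tab separators are restored here as described above.
_FINDINGS = (
    [("C:\\autorun.inf", "INF/Autorun worm", "unable to clean")]
    + [
        (f"C:\\Programme\\Gemeinsame Dateien\\G DATA\\AVKScanner\\{name}.rav",
         "probably unknown NewHeur_PE virus", "unable to clean")
        for name in ("29235f5f", "35f631ad", "9e18eeaf",
                     "be39cbd5", "cdf75845", "dbe9e067")
    ]
    + [("C:\\WINDOWS\\autorun.inf", "INF/Autorun worm", "unable to clean")]
)

SAMPLE_LOG = "\n".join(
    ["ESETSmartInstaller@High as CAB hook log:",
     "OnlineScanner.ocx - registred OK",
     "# version=7", "# scanned=81751", "# found=8",
     "# cleaned=0", "# scan_time=5869"]
    + [f"{path}\t{threat} ({action})\t{'0' * 32}\tI"
       for path, threat, action in _FINDINGS]
) + "\n"


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    digest: str
    flag: str


# "INF/Autorun worm (unable to clean)" -> threat name plus action in parentheses
_THREAT_RE = re.compile(r"^(?P<threat>.*?)\s*\((?P<action>[^()]*)\)\s*$")


def parse_eset_log(text):
    """Return (header dict, list of Detection) for one scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # installer preamble, not a detection line
        path, threat_field, digest, flag = fields
        m = _THREAT_RE.match(threat_field)
        threat, action = (m["threat"], m["action"]) if m else (threat_field, "")
        detections.append(Detection(path, threat, action, digest, flag))
    return header, detections


def summarize(header, detections):
    """Cross-check the header counters against the parsed detection lines."""
    declared = int(header.get("found", "0"))
    return {
        "declared_found": declared,
        "parsed": len(detections),
        "consistent": declared == len(detections),
        "cleaned": int(header.get("cleaned", "0")),
        "by_threat": dict(Counter(d.threat for d in detections)),
        "unable_to_clean": sum(d.action.startswith("unable") for d in detections),
    }


def leftovers_by_directory(detections):
    """Group objects still on disk after the scan by folder, so a helper sees
    at a glance which sit at a drive root (autorun.inf) and which sit inside
    another product's own folder."""
    groups = {}
    for d in detections:
        if not d.action.startswith("unable"):
            continue
        folder, _, name = d.path.rpartition("\\")
        groups.setdefault(folder, []).append(name)
    return groups


if __name__ == "__main__":
    hdr, found = parse_eset_log(SAMPLE_LOG)
    print(summarize(hdr, found))
    for folder, names in leftovers_by_directory(found).items():
        print(f"{folder}: {', '.join(names)}")
```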
10.08.2012, 21:49 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Malwarebytes creates exactly one log per scan run. Have you scanned with Malwarebytes before? If so, the logs for every scan run are also in the "Logdateien" (log files) tab. Please post all of those that are visible there.
__________________
Log files: please always post them in CODE tags
10.08.2012, 21:57 | #5
11.08.2012, 16:52 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
adwCleaner: track down toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
12.08.2012, 10:13 | #7
hello, I have followed your instructions:
Quote:
regards tobias
12.08.2012, 14:00 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
I have two questions before we go on:
1.) Does Windows' normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
13.08.2012, 20:22 | #9
hi, Windows' normal mode was never restricted. Everything seems to run without problems. And the only empty folder is "Autostart" (the Startup folder), which I had already emptied beforehand because the computer booted so slowly.. but if there is a way to check that... Are you actually on a trail, or what is your general impression of the logs? Regards Tobias
14.08.2012, 14:20 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
Please make a new OTL log.
Please post everything here in CODE tags where possible. It's done like this:
[code] here is the log [/code]
And it then looks like this:
Code:
here is the log
Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
17.08.2012, 13:18 | #11
hi, done. please excuse me, I mixed up code and quote last time, I was a bit careless...
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 17.08.2012 13:31:28 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\FirstSteps\Desktop\säuberung Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 645,60 Mb Available Physical Memory | 63,09% Memory free 2,40 Gb Paging File | 2,01 Gb Available in Paging File | 83,74% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 17,39 Gb Free Space | 23,34% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\FirstSteps\Desktop\säuberung\OTL.exe (OldTimer Tools) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\WINDOWS\sm56cht.dll () MOD - C:\WINDOWS\sm56chs.dll () MOD - C:\WINDOWS\sm56spn.dll () MOD - C:\WINDOWS\sm56itl.dll () MOD - C:\WINDOWS\sm56ger.dll () MOD - C:\WINDOWS\sm56fra.dll () MOD - C:\WINDOWS\sm56eng.dll () MOD - C:\WINDOWS\sm56brz.dll () MOD - C:\WINDOWS\sm56jpn.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) SRV - (accvssvc) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe (AccSys GmbH) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (mvd22) -- C:\Programme\Clarus\Samsung SecretZone\mvd22.sys File not found DRV - (mdf16) -- C:\Programme\Clarus\Samsung SecretZone\mdf16.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky 
Lab) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/home IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = hxxp://go.gmx.net/tab2 [binary data] IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes,DefaultScope = {D82F9124-A7B4-4766-AD67-36083B790129} IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{68DF8993-BB0A-4BA7-929A-8124A29501BB}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{887037E5-BBBF-4A24-B947-0DF9AC620FF1}: "URL" = hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.ebaysuche&s_brand=gmx&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-52222-30040-7/4?mpre=hxxp://shop.ebay.de/?_sacat=See-All-Categories&_nkw={searchTerms} IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{ACF93E4A-97B3-44FC-B335-CA3313D283B8}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{D82F9124-A7B4-4766-AD67-36083B790129}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{E70EBB3B-2DAC-490A-9BBC-1B6D104D516B}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich 
IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\..\SearchScopes\{FC83EE5B-AC82-478A-B232-E27AFC09727F}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-707883813-383016393-3555952569-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.06.14 09:59:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.06.14 09:59:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.06.14 09:59:44 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (SSVHelper Class) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} file://D:\berufsscout\swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C9AF9-3685-4038-962F-D1BB8383B551}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole 
DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.10.27 07:51:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006.05.09 20:36:18 | 000,000,034 | -HS- | M] () - C:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\Shell - "" = AutoRun O33 - MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe O33 - MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\Shell - "" = AutoRun O33 - MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 2000 Series.lnk - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe - (Hewlett-Packard Co.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Dropbox.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Samsung Auto Backup Guage.lnk - C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe - (Clarus, Inc.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Samsung Auto Backup Real-Time Daemon.lnk - C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe - (Clarus, Inc.) 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^Samsung Auto Backup Scheduler.lnk - C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe - (Clarus, Inc.) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: DSLCoMan - hkey= - key= - C:\Programme\DSL Connection Manager\DSLCoMan.exe (AccSys GmbH) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) MsConfig - StartUpReg: YeppStudioAgent - hkey= - key= - C:\Programme\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe () SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters 
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} 
- NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {09D80335-9BBF-48EB-9576-8B6928C251A2} - GMX Update ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {412EF925-3539-44AE-B9EC-F79D4E8DBE54} - GMX Browser Add-on ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection 
C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: 
{D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{0E14C9D4-8E08-406B-A942-A362FC390586} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.09 19:11:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.08.09 17:47:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.08.09 17:47:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.09 17:47:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.09 17:47:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.03 14:24:36 | 000,000,000 | ---D | C] -- C:\FirstSteps\Desktop\säuberung [2012.07.24 22:49:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2012.07.24 22:44:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.07.24 22:28:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.07.24 22:28:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.17 13:22:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.17 13:22:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.17 13:22:08 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2012.08.16 09:33:50 | 000,198,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.15 22:45:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.08.15 22:27:54 | 000,002,489 | ---- | M] () -- C:\FirstSteps\Desktop\Microsoft Word.lnk [2012.08.15 22:09:49 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.12 12:04:59 | 000,100,352 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.03 10:02:58 
| 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.07.24 22:28:24 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.07.23 18:20:13 | 000,116,189 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat [2012.07.23 18:20:12 | 000,098,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.15 22:40:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2012.08.03 10:02:58 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.07.24 22:28:23 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.02.19 22:03:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2008.02.17 11:13:19 | 000,000,182 | ---- | C] () -- C:\Dokumente und Einstellungen\***\ProfileDuration.csv [2008.01.14 21:46:02 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.02.12 17:19:18 | 000,100,352 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.01.19 17:21:23 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat [2006.01.18 19:29:39 | 000,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2008.09.28 08:32:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys [2011.08.07 20:28:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clarus [2006.05.12 20:52:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2010.03.21 13:01:01 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1 [2010.03.21 13:02:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{4982A2B2-A1A9-4911-9CE4-2B4981000AF7} [2012.06.03 17:26:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Softland [2008.06.28 12:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CoSoSys [2012.08.02 23:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox [2006.01.22 17:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller [2006.05.12 22:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2011.02.08 22:46:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ordner HP Share-to-Web [2012.06.03 17:26:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Softland [2006.01.19 17:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2006.05.13 10:12:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe [2006.03.19 11:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM [2007.08.16 18:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ahead [2008.06.28 12:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CoSoSys [2009.05.26 20:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX [2012.08.02 23:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox [2008.03.21 19:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Help [2005.10.27 07:54:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities [2008.09.28 08:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield [2006.03.11 19:57:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia [2012.08.09 17:47:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2012.07.13 00:42:20 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft [2006.01.22 17:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller [2006.05.12 22:48:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2011.02.08 22:46:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ordner HP Share-to-Web [2012.06.03 17:26:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Softland [2007.04.11 14:04:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun [2006.01.19 17:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template 
[2010.05.20 23:03:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3 < %APPDATA%\*.exe /s > [2007.12.21 17:09:26 | 001,523,040 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2006.01.22 17:58:06 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > [2006.05.29 11:48:10 | 015,303,824 | ---- | M] (InstallShield Software Corporation) -- C:\cab.exe [2006.03.07 10:06:58 | 000,094,208 | ---- | M] (AccSys GmbH) -- C:\pcconfig.exe < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.12.18 21:39:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2008.12.18 21:39:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.12.18 21:39:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008.12.18 21:39:49 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) 
MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys [2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\OemDir\iaStor.sys [2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < 
MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: VIAMRAID.SYS > [2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys [2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\OemDir\viamraid.sys [2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\system32\drivers\viamraid.sys < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB883529$\winlogon.exe [2004.08.25 18:59:56 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=325A82EBBD69248D75C5F831E8817D17 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.10.27 09:41:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.10.27 09:41:55 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.10.27 09:41:55 
| 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > < End of report >
regards, tobias |
17.08.2012, 20:39 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.27 07:51:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.05.09 20:36:18 | 000,000,034 | -HS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\Shell - "" = AutoRun
O33 - MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\Shell - "" = AutoRun
O33 - MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2006.05.29 11:48:10 | 015,303,824 | ---- | M] (InstallShield Software Corporation) -- C:\cab.exe
[2006.03.07 10:06:58 | 000,094,208 | ---- | M] (AccSys GmbH) -- C:\pcconfig.exe
:Files
C:\autorun.inf
C:\WINDOWS\autorun.inf
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
28.08.2012, 18:51 | #13 |
| hello, hope the vacation was somewhat relaxing. did the otl fix. regards tobias otl-fix Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\WizmaxBackup_NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-707883813-383016393-3555952569-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\WizmaxBackup_NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\AUTOEXEC.BAT not found.
File C:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59966fe4-eb17-11de-83c4-0013ce71de6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59966fe4-eb17-11de-83c4-0013ce71de6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59966fe4-eb17-11de-83c4-0013ce71de6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59966fe4-eb17-11de-83c4-0013ce71de6d}\ not found.
File E:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1d43e5e-6452-11df-8407-0013ce71de6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1d43e5e-6452-11df-8407-0013ce71de6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1d43e5e-6452-11df-8407-0013ce71de6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1d43e5e-6452-11df-8407-0013ce71de6d}\ not found.
File E:\LaunchU3.exe -a not found.
File C:\cab.exe not found.
File C:\pcconfig.exe not found.
========== FILES ==========
File\Folder C:\autorun.inf not found.
File\Folder C:\WINDOWS\autorun.inf not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 785959 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 291 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,00 mb
[EMPTYFLASH]
User: All Users
User: Besitzer
User: Default User
User: LocalService
User: NetworkService
User: ***
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.59.1 log created on 08282012_194145
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
30.08.2012, 19:12 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, once it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!
30.08.2012, 20:58 | #15 |
| hi, did this too. regards tobias tdss-killer log: Code:
21:49:09.0203 3796 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:49:09.0218 3796 ============================================================
21:49:09.0218 3796 Current date / time: 2012/08/30 21:49:09.0218
21:49:09.0218 3796 SystemInfo:
21:49:09.0218 3796
21:49:09.0218 3796 OS Version: 5.1.2600 ServicePack: 3.0
21:49:09.0218 3796 Product type: Workstation
21:49:09.0218 3796 ComputerName: ***
21:49:09.0218 3796 UserName: ***
21:49:09.0218 3796 Windows directory: C:\WINDOWS
21:49:09.0218 3796 System windows directory: C:\WINDOWS
21:49:09.0218 3796 Processor architecture: Intel x86
21:49:09.0218 3796 Number of processors: 1
21:49:09.0218 3796 Page size: 0x1000
21:49:09.0218 3796 Boot type: Normal boot
21:49:09.0218 3796 ============================================================
21:49:11.0328 3796 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:49:11.0328 3796 ============================================================
21:49:11.0328 3796 \Device\Harddisk0\DR0:
21:49:11.0328 3796 MBR partitions:
21:49:11.0328 3796 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
21:49:11.0328 3796 ============================================================
21:49:11.0500 3796 C: <-> \Device\Harddisk0\DR0\Partition1
21:49:11.0500 3796 ============================================================
21:49:11.0500 3796 Initialize success
21:49:11.0500 3796 ============================================================
21:50:26.0109 2872 ============================================================
21:50:26.0109 2872 Scan started
21:50:26.0109 2872 Mode: Manual; SigCheck; TDLFS;
21:50:26.0109 2872 ============================================================
21:50:26.0937 2872 ================ Scan services =============================
21:50:27.0125 2872 Abiosdsk - ok
21:50:27.0140 2872 abp480n5 - ok
21:50:27.0312 2872 [ 582D30BFCA778872655136018DE00572 ] accvssvc C:\Programme\Gemeinsame Dateien\AccSys\AccVSSvc.exe
21:50:27.0562 2872 accvssvc ( UnsignedFile.Multi.Generic ) - warning
21:50:27.0562 2872 accvssvc - detected UnsignedFile.Multi.Generic (1)
21:50:27.0625 2872 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:27.0828 2872 ACPI - ok
21:50:27.0843 2872 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:50:27.0968 2872 ACPIEC - ok
21:50:28.0031 2872 [ 2486C8E3F14496341E90CF2AB8BC82ED ] AdobeActiveFileMonitor4.0 C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
21:50:28.0062 2872 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
21:50:28.0062 2872 AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
21:50:28.0203 2872 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:50:28.0234 2872 AdobeFlashPlayerUpdateSvc - ok
21:50:28.0234 2872 adpu160m - ok
21:50:28.0265 2872 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:50:28.0437 2872 aec - ok
21:50:28.0515 2872 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:50:28.0593 2872 AFD - ok
21:50:28.0656 2872 [ B34B1AB0A7690A0E2301FEC6D17B2FC1 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
21:50:28.0718 2872 AFS2K ( UnsignedFile.Multi.Generic ) - warning
21:50:28.0718 2872 AFS2K - detected UnsignedFile.Multi.Generic (1)
21:50:28.0718 2872 Aha154x - ok
21:50:28.0734 2872 aic78u2 - ok
21:50:28.0734 2872 aic78xx - ok
21:50:28.0781 2872 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:50:29.0031 2872 Alerter - ok
21:50:29.0062 2872 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:50:29.0156 2872 ALG - ok
21:50:29.0156 2872 AliIde - ok
21:50:29.0171 2872 amsint - ok
21:50:29.0171 2872 AppMgmt - ok
21:50:29.0218 2872 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:50:29.0359 2872 Arp1394 - ok
21:50:29.0359 2872 asc - ok
21:50:29.0375 2872 asc3350p - ok
21:50:29.0375 2872 asc3550 - ok
21:50:29.0421 2872 [ EB62FA6D7DA4E774E47D376E4D19CA5F ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
21:50:29.0468 2872 Aspi32 ( UnsignedFile.Multi.Generic ) - warning
21:50:29.0468 2872 Aspi32 - detected UnsignedFile.Multi.Generic (1)
21:50:29.0578 2872 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
21:50:29.0609 2872 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
21:50:29.0609 2872 aspnet_state - detected UnsignedFile.Multi.Generic (1)
21:50:29.0640 2872 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:50:29.0828 2872 AsyncMac - ok
21:50:29.0875 2872 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:50:30.0093 2872 atapi - ok
21:50:30.0093 2872 Atdisk - ok
21:50:30.0187 2872 [ A2093ED04D20F3ACA0C0D348234C6998 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:50:30.0296 2872 Ati HotKey Poller - ok
21:50:30.0421 2872 [ 99F6DB087497F55D5F8D971F7689F054 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:50:30.0546 2872 ati2mtag - ok
21:50:30.0625 2872 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:50:30.0859 2872 Atmarpc - ok
21:50:30.0953 2872 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:50:31.0109 2872 AudioSrv - ok
21:50:31.0187 2872 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:50:31.0312 2872 audstub - ok
21:50:31.0375 2872 AVP - ok
21:50:31.0453 2872 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:50:31.0609 2872 Beep - ok
21:50:31.0687 2872 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
21:50:31.0875 2872
BITS - ok 21:50:31.0921 2872 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 21:50:32.0000 2872 Browser - ok 21:50:32.0046 2872 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 21:50:32.0218 2872 cbidf2k - ok 21:50:32.0234 2872 cd20xrnt - ok 21:50:32.0265 2872 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 21:50:32.0421 2872 Cdaudio - ok 21:50:32.0500 2872 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 21:50:32.0718 2872 Cdfs - ok 21:50:32.0765 2872 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:50:32.0984 2872 Cdrom - ok 21:50:33.0000 2872 Changer - ok 21:50:33.0031 2872 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 21:50:33.0218 2872 CiSvc - ok 21:50:33.0234 2872 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 21:50:33.0375 2872 ClipSrv - ok 21:50:33.0406 2872 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 21:50:33.0531 2872 CmBatt - ok 21:50:33.0531 2872 CmdIde - ok 21:50:33.0546 2872 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 21:50:33.0687 2872 Compbatt - ok 21:50:33.0703 2872 COMSysApp - ok 21:50:33.0703 2872 Cpqarray - ok 21:50:33.0781 2872 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 21:50:33.0921 2872 CryptSvc - ok 21:50:33.0921 2872 dac2w2k - ok 21:50:33.0937 2872 dac960nt - ok 21:50:34.0000 2872 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 21:50:34.0078 2872 DcomLaunch - ok 21:50:34.0125 2872 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 21:50:34.0281 2872 Dhcp - ok 21:50:34.0296 2872 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 21:50:34.0437 2872 Disk - ok 21:50:34.0453 2872 dmadmin - ok 21:50:34.0515 2872 [ 
0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 21:50:34.0718 2872 dmboot - ok 21:50:34.0750 2872 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 21:50:34.0890 2872 dmio - ok 21:50:34.0953 2872 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 21:50:35.0078 2872 dmload - ok 21:50:35.0109 2872 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 21:50:35.0265 2872 dmserver - ok 21:50:35.0312 2872 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 21:50:35.0484 2872 DMusic - ok 21:50:35.0500 2872 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 21:50:35.0671 2872 Dnscache - ok 21:50:35.0703 2872 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 21:50:35.0921 2872 Dot3svc - ok 21:50:35.0921 2872 dpti2o - ok 21:50:35.0953 2872 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 21:50:36.0156 2872 drmkaud - ok 21:50:36.0203 2872 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 21:50:36.0406 2872 EapHost - ok 21:50:36.0453 2872 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 21:50:36.0687 2872 ERSvc - ok 21:50:36.0750 2872 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 21:50:36.0828 2872 Eventlog - ok 21:50:36.0906 2872 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 21:50:36.0984 2872 EventSystem - ok 21:50:37.0031 2872 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 21:50:37.0234 2872 Fastfat - ok 21:50:37.0296 2872 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 21:50:37.0390 2872 FastUserSwitchingCompatibility - ok 21:50:37.0453 2872 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe 21:50:37.0734 2872 Fax - 
ok 21:50:37.0765 2872 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 21:50:37.0890 2872 Fdc - ok 21:50:37.0968 2872 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 21:50:38.0125 2872 Fips - ok 21:50:38.0156 2872 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 21:50:38.0312 2872 Flpydisk - ok 21:50:38.0375 2872 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 21:50:38.0531 2872 FltMgr - ok 21:50:38.0578 2872 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:50:38.0750 2872 Fs_Rec - ok 21:50:38.0781 2872 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:50:38.0953 2872 Ftdisk - ok 21:50:38.0984 2872 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:50:39.0156 2872 Gpc - ok 21:50:39.0203 2872 [ 2A013E7530BEAB6E569FAA83F517E836 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 21:50:39.0281 2872 HdAudAddService - ok 21:50:39.0312 2872 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 21:50:39.0468 2872 HDAudBus - ok 21:50:39.0578 2872 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:50:39.0781 2872 helpsvc - ok 21:50:39.0781 2872 HidServ - ok 21:50:39.0796 2872 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:50:40.0000 2872 HidUsb - ok 21:50:40.0031 2872 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 21:50:40.0234 2872 hkmsvc - ok 21:50:40.0234 2872 hpn - ok 21:50:40.0328 2872 [ D3EAA6F63FFF759D36F8B7ADC0B52B7D ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 21:50:40.0390 2872 HPZid412 - ok 21:50:40.0406 2872 [ 8B34661CD899E9274395D5F9CEEF725E ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 21:50:40.0468 2872 HPZipr12 - ok 21:50:40.0500 2872 [ 
8C5B5566BBC78D6AEDAD44E92DBD878E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 21:50:40.0562 2872 HPZius12 - ok 21:50:40.0625 2872 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 21:50:40.0718 2872 HTTP - ok 21:50:40.0734 2872 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 21:50:40.0984 2872 HTTPFilter - ok 21:50:41.0000 2872 i2omgmt - ok 21:50:41.0015 2872 i2omp - ok 21:50:41.0031 2872 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:50:41.0171 2872 i8042prt - ok 21:50:41.0265 2872 [ BDCE6B54E1D7D8399175A83A02274B7A ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 21:50:41.0343 2872 iaStor - ok 21:50:41.0390 2872 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 21:50:41.0500 2872 Imapi - ok 21:50:41.0625 2872 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 21:50:41.0828 2872 ImapiService - ok 21:50:41.0828 2872 ini910u - ok 21:50:42.0156 2872 [ 1265393299A72ADA509F5973040BB93F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 21:50:42.0531 2872 IntcAzAudAddService - ok 21:50:42.0562 2872 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 21:50:42.0843 2872 IntelIde - ok 21:50:42.0937 2872 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:50:43.0093 2872 intelppm - ok 21:50:43.0109 2872 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 21:50:43.0250 2872 Ip6Fw - ok 21:50:43.0296 2872 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:50:43.0437 2872 IpFilterDriver - ok 21:50:43.0453 2872 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:50:43.0593 2872 IpInIp - ok 21:50:43.0640 2872 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:50:43.0812 2872 IpNat - ok 
21:50:43.0859 2872 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:50:44.0031 2872 IPSec - ok 21:50:44.0062 2872 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 21:50:44.0156 2872 IRENUM - ok 21:50:44.0171 2872 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:50:44.0343 2872 isapnp - ok 21:50:44.0375 2872 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:50:44.0562 2872 Kbdclass - ok 21:50:44.0640 2872 [ 94D67D49BD9503BB1D838405D80F2058 ] kl1 C:\WINDOWS\system32\drivers\kl1.sys 21:50:44.0671 2872 kl1 - ok 21:50:44.0687 2872 [ 713576569667AC9E0F8556076004A96B ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys 21:50:44.0718 2872 kl2 - ok 21:50:44.0812 2872 [ 44EC6B3DBE167C7FA818F9918D2CBF22 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys 21:50:44.0843 2872 KLIF - ok 21:50:44.0921 2872 [ 8D6E11BFA9927978D25B1B8029554F07 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys 21:50:44.0937 2872 klim5 - ok 21:50:45.0015 2872 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys 21:50:45.0031 2872 klmouflt - ok 21:50:45.0062 2872 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 21:50:45.0296 2872 kmixer - ok 21:50:45.0343 2872 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 21:50:45.0421 2872 KSecDD - ok 21:50:45.0468 2872 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 21:50:45.0562 2872 lanmanserver - ok 21:50:45.0640 2872 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 21:50:45.0718 2872 lanmanworkstation - ok 21:50:45.0734 2872 lbrtfdc - ok 21:50:45.0796 2872 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 21:50:45.0953 2872 LmHosts - ok 21:50:45.0968 2872 mdf16 - ok 21:50:46.0093 2872 [ 11F714F85530A2BD134074DC30E99FCA ] MDM 
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 21:50:46.0140 2872 MDM - ok 21:50:46.0187 2872 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 21:50:46.0468 2872 Messenger - ok 21:50:46.0531 2872 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 21:50:46.0656 2872 mnmdd - ok 21:50:46.0703 2872 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 21:50:46.0843 2872 mnmsrvc - ok 21:50:46.0890 2872 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 21:50:47.0015 2872 Modem - ok 21:50:47.0015 2872 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:50:47.0187 2872 Mouclass - ok 21:50:47.0218 2872 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:50:47.0375 2872 mouhid - ok 21:50:47.0406 2872 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 21:50:47.0546 2872 MountMgr - ok 21:50:47.0562 2872 mraid35x - ok 21:50:47.0562 2872 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:50:47.0703 2872 MRxDAV - ok 21:50:47.0781 2872 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:50:47.0875 2872 MRxSmb - ok 21:50:47.0906 2872 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 21:50:48.0046 2872 MSDTC - ok 21:50:48.0046 2872 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 21:50:48.0187 2872 Msfs - ok 21:50:48.0203 2872 MSIServer - ok 21:50:48.0234 2872 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:50:48.0390 2872 MSKSSRV - ok 21:50:48.0421 2872 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:50:48.0546 2872 MSPCLOCK - ok 21:50:48.0562 2872 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:50:48.0703 2872 
MSPQM - ok 21:50:48.0750 2872 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:50:48.0875 2872 mssmbios - ok 21:50:48.0921 2872 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 21:50:48.0953 2872 Mup - ok 21:50:48.0968 2872 mvd22 - ok 21:50:49.0015 2872 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 21:50:49.0156 2872 napagent - ok 21:50:49.0171 2872 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 21:50:49.0328 2872 NDIS - ok 21:50:49.0375 2872 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:50:49.0406 2872 NdisTapi - ok 21:50:49.0421 2872 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:50:49.0578 2872 Ndisuio - ok 21:50:49.0609 2872 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:50:49.0750 2872 NdisWan - ok 21:50:49.0796 2872 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:50:49.0875 2872 NDProxy - ok 21:50:49.0890 2872 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:50:50.0031 2872 NetBIOS - ok 21:50:50.0062 2872 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:50:50.0218 2872 NetBT - ok 21:50:50.0265 2872 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 21:50:50.0406 2872 NetDDE - ok 21:50:50.0421 2872 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 21:50:50.0578 2872 NetDDEdsdm - ok 21:50:50.0640 2872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 21:50:50.0796 2872 Netlogon - ok 21:50:50.0812 2872 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 21:50:50.0968 2872 Netman - ok 21:50:51.0000 2872 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 
21:50:51.0156 2872 NIC1394 - ok 21:50:51.0218 2872 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 21:50:51.0250 2872 Nla - ok 21:50:51.0328 2872 [ B15E0180C43D8B5219196D76878CC2DD ] NPF C:\WINDOWS\system32\drivers\npf.sys 21:50:51.0359 2872 NPF - ok 21:50:51.0359 2872 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:50:51.0531 2872 Npfs - ok 21:50:51.0593 2872 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:50:51.0812 2872 Ntfs - ok 21:50:51.0812 2872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 21:50:52.0000 2872 NtLmSsp - ok 21:50:52.0046 2872 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 21:50:52.0171 2872 NtmsSvc - ok 21:50:52.0234 2872 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 21:50:52.0375 2872 Null - ok 21:50:52.0421 2872 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:50:52.0562 2872 NwlnkFlt - ok 21:50:52.0593 2872 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:50:52.0734 2872 NwlnkFwd - ok 21:50:52.0750 2872 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:50:52.0875 2872 ohci1394 - ok 21:50:52.0921 2872 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 21:50:53.0062 2872 Parport - ok 21:50:53.0062 2872 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 21:50:53.0203 2872 PartMgr - ok 21:50:53.0250 2872 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 21:50:53.0375 2872 ParVdm - ok 21:50:53.0375 2872 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 21:50:53.0500 2872 PCI - ok 21:50:53.0515 2872 PCIDump - ok 21:50:53.0562 2872 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 
21:50:53.0687 2872 PCIIde - ok 21:50:53.0718 2872 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 21:50:53.0859 2872 Pcmcia - ok 21:50:53.0875 2872 PDCOMP - ok 21:50:53.0875 2872 PDFRAME - ok 21:50:53.0921 2872 PDRELI - ok 21:50:53.0921 2872 PDRFRAME - ok 21:50:53.0921 2872 perc2 - ok 21:50:53.0937 2872 perc2hib - ok 21:50:53.0968 2872 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 21:50:54.0000 2872 PlugPlay - ok 21:50:54.0062 2872 [ 67C4B32A2D107862DF0E3346AADDA86E ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe 21:50:54.0093 2872 Pml Driver HPZ12 - ok 21:50:54.0109 2872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 21:50:54.0250 2872 PolicyAgent - ok 21:50:54.0265 2872 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:50:54.0406 2872 PptpMiniport - ok 21:50:54.0421 2872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 21:50:54.0531 2872 ProtectedStorage - ok 21:50:54.0546 2872 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 21:50:54.0687 2872 PSched - ok 21:50:54.0703 2872 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:50:54.0828 2872 Ptilink - ok 21:50:54.0859 2872 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:50:54.0875 2872 PxHelp20 - ok 21:50:54.0875 2872 ql1080 - ok 21:50:54.0890 2872 Ql10wnt - ok 21:50:54.0890 2872 ql12160 - ok 21:50:54.0906 2872 ql1240 - ok 21:50:54.0906 2872 ql1280 - ok 21:50:54.0953 2872 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:50:55.0078 2872 RasAcd - ok 21:50:55.0125 2872 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 21:50:55.0250 2872 RasAuto - ok 21:50:55.0281 2872 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:50:55.0437 
2872 Rasl2tp - ok 21:50:55.0500 2872 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 21:50:55.0625 2872 RasMan - ok 21:50:55.0656 2872 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:50:55.0781 2872 RasPppoe - ok 21:50:55.0781 2872 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 21:50:55.0968 2872 Raspti - ok 21:50:56.0015 2872 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:50:56.0187 2872 Rdbss - ok 21:50:56.0203 2872 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:50:56.0343 2872 RDPCDD - ok 21:50:56.0375 2872 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 21:50:56.0406 2872 RDPWD - ok 21:50:56.0484 2872 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 21:50:56.0640 2872 RDSessMgr - ok 21:50:56.0703 2872 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 21:50:56.0843 2872 redbook - ok 21:50:56.0921 2872 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 21:50:57.0109 2872 RemoteAccess - ok 21:50:57.0156 2872 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 21:50:57.0312 2872 RpcLocator - ok 21:50:57.0375 2872 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 21:50:57.0406 2872 RpcSs - ok 21:50:57.0468 2872 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 21:50:57.0625 2872 RSVP - ok 21:50:57.0703 2872 [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys 21:50:57.0828 2872 RTL8023xp - ok 21:50:57.0859 2872 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 21:50:58.0093 2872 rtl8139 - ok 21:50:58.0140 2872 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 21:50:58.0328 2872 SamSs - ok 
21:50:58.0359 2872 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 21:50:58.0562 2872 SCardSvr - ok 21:50:58.0640 2872 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 21:50:58.0843 2872 Schedule - ok 21:50:58.0921 2872 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:50:59.0015 2872 Secdrv - ok 21:50:59.0062 2872 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 21:50:59.0281 2872 seclogon - ok 21:50:59.0312 2872 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 21:50:59.0546 2872 SENS - ok 21:50:59.0593 2872 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 21:50:59.0812 2872 Serial - ok 21:50:59.0859 2872 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 21:51:00.0078 2872 Sfloppy - ok 21:51:00.0171 2872 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 21:51:00.0421 2872 SharedAccess - ok 21:51:00.0468 2872 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 21:51:00.0500 2872 ShellHWDetection - ok 21:51:00.0515 2872 Simbad - ok 21:51:00.0593 2872 [ B8A2F8DCDC75F19962D975727F393920 ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 21:51:00.0703 2872 SiSRaid2 - ok 21:51:00.0796 2872 [ AF2C8104D58662FD0D3AD966BDA3157E ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys 21:51:00.0906 2872 smserial - ok 21:51:00.0906 2872 Sparrow - ok 21:51:00.0968 2872 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 21:51:01.0218 2872 splitter - ok 21:51:01.0296 2872 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 21:51:01.0406 2872 Spooler - ok 21:51:01.0421 2872 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 21:51:01.0593 2872 sr - ok 21:51:01.0656 2872 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice 
C:\WINDOWS\system32\srsvc.dll 21:51:01.0828 2872 srservice - ok 21:51:01.0921 2872 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 21:51:01.0984 2872 Srv - ok 21:51:02.0015 2872 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 21:51:02.0171 2872 SSDPSRV - ok 21:51:02.0234 2872 [ 71D609C5DFF067906D930BDE031C4CFE ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 21:51:02.0265 2872 ssmdrv ( UnsignedFile.Multi.Generic ) - warning 21:51:02.0265 2872 ssmdrv - detected UnsignedFile.Multi.Generic (1) 21:51:02.0375 2872 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 21:51:02.0531 2872 stisvc - ok 21:51:02.0593 2872 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 21:51:02.0750 2872 swenum - ok 21:51:02.0796 2872 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 21:51:03.0015 2872 swmidi - ok 21:51:03.0031 2872 SwPrv - ok 21:51:03.0046 2872 symc810 - ok 21:51:03.0046 2872 symc8xx - ok 21:51:03.0062 2872 sym_hi - ok 21:51:03.0078 2872 sym_u3 - ok 21:51:03.0140 2872 [ EBA71A1B7DB9F6E3F70C15A64817C53F ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 21:51:03.0234 2872 SynTP - ok 21:51:03.0281 2872 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 21:51:03.0484 2872 sysaudio - ok 21:51:03.0500 2872 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 21:51:03.0718 2872 SysmonLog - ok 21:51:03.0765 2872 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:51:03.0968 2872 TapiSrv - ok 21:51:04.0062 2872 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:51:04.0140 2872 Tcpip - ok 21:51:04.0156 2872 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 21:51:04.0375 2872 TDPIPE - ok 21:51:04.0390 2872 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 
21:51:04.0578 2872 TDTCP - ok 21:51:04.0625 2872 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 21:51:04.0734 2872 TermDD - ok 21:51:04.0796 2872 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 21:51:04.0921 2872 TermService - ok 21:51:04.0937 2872 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 21:51:04.0968 2872 Themes - ok 21:51:04.0968 2872 TosIde - ok 21:51:04.0984 2872 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 21:51:05.0140 2872 TrkWks - ok 21:51:05.0171 2872 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 21:51:05.0312 2872 Udfs - ok 21:51:05.0312 2872 ultra - ok 21:51:05.0390 2872 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 21:51:05.0531 2872 Update - ok 21:51:05.0593 2872 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 21:51:05.0703 2872 upnphost - ok 21:51:05.0718 2872 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 21:51:05.0843 2872 UPS - ok 21:51:05.0875 2872 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:51:06.0015 2872 usbccgp - ok 21:51:06.0062 2872 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:51:06.0218 2872 usbehci - ok 21:51:06.0234 2872 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:51:06.0359 2872 usbhub - ok 21:51:06.0406 2872 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:51:06.0546 2872 usbprint - ok 21:51:06.0562 2872 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:51:06.0718 2872 usbscan - ok 21:51:06.0750 2872 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:51:06.0875 2872 USBSTOR - ok 21:51:06.0890 2872 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci 
C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:51:07.0031 2872 usbuhci - ok 21:51:07.0046 2872 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 21:51:07.0203 2872 VgaSave - ok 21:51:07.0203 2872 ViaIde - ok 21:51:07.0265 2872 [ 6AAA39DD79A8341CE0EF9249F21D6B89 ] viamraid C:\WINDOWS\system32\drivers\viamraid.sys 21:51:07.0343 2872 viamraid - ok 21:51:07.0343 2872 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 21:51:07.0468 2872 VolSnap - ok 21:51:07.0515 2872 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 21:51:07.0593 2872 VSS - ok 21:51:07.0843 2872 [ C89DA341FCC883A3D79DC11727484FC2 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 21:51:08.0078 2872 w29n51 - ok 21:51:08.0140 2872 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 21:51:08.0359 2872 W32Time - ok 21:51:08.0406 2872 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:51:08.0656 2872 Wanarp - ok 21:51:08.0656 2872 WDICA - ok 21:51:08.0718 2872 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 21:51:08.0859 2872 wdmaud - ok 21:51:08.0937 2872 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 21:51:09.0078 2872 WebClient - ok 21:51:09.0218 2872 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 21:51:09.0406 2872 winmgmt - ok 21:51:09.0500 2872 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 21:51:09.0546 2872 WmdmPmSN - ok 21:51:09.0593 2872 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 21:51:09.0781 2872 WmiAcpi - ok 21:51:09.0812 2872 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:51:09.0968 2872 WmiApSrv - ok 21:51:10.0093 2872 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 21:51:10.0187 2872 
WMPNetworkSvc - ok 21:51:10.0265 2872 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 21:51:10.0484 2872 wscsvc - ok 21:51:10.0531 2872 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 21:51:10.0812 2872 wuauserv - ok 21:51:10.0859 2872 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:51:10.0890 2872 WudfPf - ok 21:51:10.0921 2872 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:51:10.0968 2872 WudfRd - ok 21:51:11.0000 2872 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 21:51:11.0031 2872 WudfSvc - ok 21:51:11.0109 2872 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 21:51:11.0281 2872 WZCSVC - ok 21:51:11.0359 2872 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 21:51:11.0546 2872 xmlprov - ok 21:51:11.0562 2872 ================ Scan global =============================== 21:51:11.0625 2872 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 21:51:11.0703 2872 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 21:51:11.0734 2872 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 21:51:11.0750 2872 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 21:51:11.0750 2872 [Global] - ok 21:51:11.0765 2872 ================ Scan MBR ================================== 21:51:11.0796 2872 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 21:51:12.0187 2872 \Device\Harddisk0\DR0 - ok 21:51:12.0203 2872 ================ Scan VBR ================================== 21:51:12.0203 2872 [ F9ADF6DBEC5064600153FE7892F61B1C ] \Device\Harddisk0\DR0\Partition1 21:51:12.0203 2872 \Device\Harddisk0\DR0\Partition1 - ok 21:51:12.0218 2872 ============================================================ 21:51:12.0218 2872 Scan finished 21:51:12.0218 2872 
============================================================ 21:51:12.0328 3868 Detected object count: 6 21:51:12.0328 3868 Actual detected object count: 6 21:51:34.0312 3868 accvssvc ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:34.0312 3868 accvssvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:34.0312 3868 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:34.0312 3868 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:34.0328 3868 AFS2K ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:34.0328 3868 AFS2K ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:34.0328 3868 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:34.0328 3868 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:34.0328 3868 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:34.0328 3868 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:34.0328 3868 ssmdrv ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:34.0328 3868 ssmdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:54:32.0531 3780 Deinitialize success |