Log analysis and evaluation: TR/ATRAPS.Gen2 TR/ATRAPS.Gen TR/Agent.94208.101
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
TR/ATRAPS.Gen2 TR/ATRAPS.Gen TR/Agent.94208.101
Restart Windows in safe mode (with networking if possible); sometimes the fix with OTL hangs in normal mode, but very often the fix works in safe mode.
__________________
Please always post log files in CODE tags
#17
TR/ATRAPS.Gen2 TR/ATRAPS.Gen TR/Agent.94208.101
Code:
All processes killed
========== OTL ==========
Unable to set value : HKU\S-1-5-21-3478333218-2023943964-1579655039-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_USERS\S-1-5-21-3478333218-2023943964-1579655039-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Photo Downloader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\T-DSL-Manager-Setup deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3478333218-2023943964-1579655039-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\S-1-5-21-3478333218-2023943964-1579655039-1006\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3478333218-2023943964-1579655039-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A1D3FEF0 deleted successfully.
========== FILES ==========
C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\WINDOWS\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
C:\Dokumente und Einstellungen\Droge\Lokale Einstellungen\Anwendungsdaten\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Dokumente und Einstellungen\Droge\Lokale Einstellungen\Anwendungsdaten\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Dokumente und Einstellungen\Droge\Lokale Einstellungen\Anwendungsdaten\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Ein interner Fehler ist aufgetreten: Die Anforderung wird nicht unterstützt.
Wenden Sie sich an den Microsoft Software Service, um weitere Hilfe zu erhalten.
Zusätzliche Informationen: Der Hostname konnte nicht abgefragt werden.
C:\Dokumente und Einstellungen\Droge\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Droge\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: Droge
->Temp folder emptied: 113302059 bytes
->Temporary Internet Files folder emptied: 169313165 bytes
->Java cache emptied: 2584954 bytes
->FireFox cache emptied: 508546438 bytes
->Flash cache emptied: 1377227 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 245639 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 401856392 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.142,00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Flash cache emptied: 0 bytes
User: Droge
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.59.1 log created on 09042012_102304
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Thanks
Annettsche
#18
/// Winkelfunktion /// TB-Süch-Tiger™
TR/ATRAPS.Gen2 TR/ATRAPS.Gen TR/Agent.94208.101
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
#19
TR/ATRAPS.Gen2 TR/ATRAPS.Gen TR/Agent.94208.101
Code:
17:46:04.0750 2740 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:46:04.0937 2740 ============================================================
17:46:04.0937 2740 Current date / time: 2012/09/04 17:46:04.0937
17:46:04.0937 2740 SystemInfo:
17:46:04.0937 2740
17:46:04.0937 2740 OS Version: 5.1.2600 ServicePack: 2.0
17:46:04.0937 2740 Product type: Workstation
17:46:04.0937 2740 ComputerName: ANNETTE
17:46:04.0937 2740 UserName: Droge
17:46:04.0937 2740 Windows directory: C:\WINDOWS
17:46:04.0937 2740 System windows directory: C:\WINDOWS
17:46:04.0937 2740 Processor architecture: Intel x86
17:46:04.0937 2740 Number of processors: 1
17:46:04.0937 2740 Page size: 0x1000
17:46:04.0937 2740 Boot type: Normal boot
17:46:04.0937 2740 ============================================================
17:46:07.0359 2740 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:46:07.0375 2740 ============================================================
17:46:07.0375 2740 \Device\Harddisk0\DR0:
17:46:07.0390 2740 MBR partitions:
17:46:07.0390 2740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x85CFC5F
17:46:07.0390 2740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x85D3B5F, BlocksNum 0xD38C9F
17:46:07.0390 2740 ============================================================
17:46:07.0406 2740 C: <-> \Device\Harddisk0\DR0\Partition1
17:46:07.0421 2740 D: <-> \Device\Harddisk0\DR0\Partition2
17:46:07.0421 2740 ============================================================
17:46:07.0421 2740 Initialize success
17:46:07.0421 2740 ============================================================
17:47:51.0140 3516 ============================================================
17:47:51.0140 3516 Scan started
17:47:51.0140 3516 Mode: Manual;
17:47:51.0140 3516 ============================================================
17:47:51.0546 3516 ================ Scan services ============================= 17:47:51.0765 3516 Abiosdsk - ok 17:47:51.0781 3516 abp480n5 - ok 17:47:51.0875 3516 [ 94B4741D2CF9ED38140B831293D1601A ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 17:47:51.0875 3516 ACPI - ok 17:47:51.0906 3516 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 17:47:51.0906 3516 ACPIEC - ok 17:47:52.0031 3516 [ 2486C8E3F14496341E90CF2AB8BC82ED ] AdobeActiveFileMonitor4.0 C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe 17:47:52.0031 3516 AdobeActiveFileMonitor4.0 - ok 17:47:52.0046 3516 adpu160m - ok 17:47:52.0109 3516 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys 17:47:52.0125 3516 aec - ok 17:47:52.0171 3516 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys 17:47:52.0187 3516 AFD - ok 17:47:52.0203 3516 Aha154x - ok 17:47:52.0218 3516 aic78u2 - ok 17:47:52.0250 3516 aic78xx - ok 17:47:52.0296 3516 [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter C:\WINDOWS\system32\alrsvc.dll 17:47:52.0296 3516 Alerter - ok 17:47:52.0343 3516 [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG C:\WINDOWS\System32\alg.exe 17:47:52.0343 3516 ALG - ok 17:47:52.0359 3516 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 17:47:52.0359 3516 AliIde - ok 17:47:52.0421 3516 [ 769844EB65DF6A62AA51B886290FE51D ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 17:47:52.0421 3516 AmdK8 - ok 17:47:52.0437 3516 amsint - ok 17:47:52.0578 3516 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 17:47:52.0593 3516 AntiVirSchedulerService - ok 17:47:52.0656 3516 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 17:47:52.0671 3516 AntiVirService - ok 17:47:52.0687 3516 AppMgmt - ok 17:47:52.0750 3516 [ F0D692B0BFFB46E30EB3CEA168BBC49F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 
17:47:52.0750 3516 Arp1394 - ok 17:47:52.0765 3516 asc - ok 17:47:52.0781 3516 asc3350p - ok 17:47:52.0812 3516 asc3550 - ok 17:47:52.0921 3516 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 17:47:52.0921 3516 aspnet_state - ok 17:47:52.0953 3516 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 17:47:52.0953 3516 AsyncMac - ok 17:47:52.0984 3516 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 17:47:53.0000 3516 atapi - ok 17:47:53.0031 3516 Atdisk - ok 17:47:53.0109 3516 [ B395912B170A709DC1B6E113E378C554 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 17:47:53.0125 3516 Ati HotKey Poller - ok 17:47:53.0250 3516 [ 287B11A781F2B7A28F283FD4B7434DAF ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 17:47:53.0281 3516 ati2mtag - ok 17:47:53.0343 3516 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 17:47:53.0359 3516 Atmarpc - ok 17:47:53.0406 3516 [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 17:47:53.0406 3516 AudioSrv - ok 17:47:53.0437 3516 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 17:47:53.0437 3516 audstub - ok 17:47:53.0500 3516 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Programme\Avira\AntiVir Desktop\avgio.sys 17:47:53.0500 3516 avgio - ok 17:47:53.0531 3516 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 17:47:53.0531 3516 avgntflt - ok 17:47:53.0546 3516 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 17:47:53.0562 3516 avipbb - ok 17:47:53.0656 3516 [ 30D20FC98BCFD52E1DA778CF19B223D4 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 17:47:53.0671 3516 BCM43XX - ok 17:47:53.0687 3516 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 17:47:53.0703 3516 Beep - ok 17:47:53.0765 3516 [ 
D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser C:\WINDOWS\System32\browser.dll 17:47:53.0781 3516 Browser - ok 17:47:53.0812 3516 [ E76DC88F00D50F46072FEB2371769978 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 17:47:53.0812 3516 BTWUSB - ok 17:47:53.0875 3516 [ C2EF37F09CFEE9665E6CD7C0B0AFB84F ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys 17:47:53.0875 3516 CAMCAUD - ok 17:47:53.0953 3516 [ 512DF898DE5C0654647ACD5C82F0BD99 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys 17:47:53.0968 3516 CAMCHALA - ok 17:47:54.0000 3516 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 17:47:54.0000 3516 cbidf2k - ok 17:47:54.0031 3516 cd20xrnt - ok 17:47:54.0046 3516 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 17:47:54.0046 3516 Cdaudio - ok 17:47:54.0078 3516 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 17:47:54.0078 3516 Cdfs - ok 17:47:54.0125 3516 [ 7B53584D94E9D8716B2DE91D5F1CB42D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 17:47:54.0125 3516 Cdrom - ok 17:47:54.0156 3516 Changer - ok 17:47:54.0218 3516 [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc C:\WINDOWS\system32\cisvc.exe 17:47:54.0218 3516 CiSvc - ok 17:47:54.0250 3516 [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 17:47:54.0250 3516 ClipSrv - ok 17:47:54.0281 3516 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 17:47:54.0281 3516 CmBatt - ok 17:47:54.0312 3516 CmdIde - ok 17:47:54.0343 3516 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 17:47:54.0343 3516 Compbatt - ok 17:47:54.0359 3516 COMSysApp - ok 17:47:54.0406 3516 Cpqarray - ok 17:47:54.0453 3516 [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 17:47:54.0453 3516 CryptSvc - ok 17:47:54.0468 3516 dac2w2k - ok 17:47:54.0484 3516 dac960nt - ok 17:47:54.0546 3516 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] DcomLaunch 
C:\WINDOWS\system32\rpcss.dll 17:47:54.0578 3516 DcomLaunch - ok 17:47:54.0625 3516 [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 17:47:54.0625 3516 Dhcp - ok 17:47:54.0640 3516 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 17:47:54.0640 3516 Disk - ok 17:47:54.0656 3516 dmadmin - ok 17:47:54.0734 3516 [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 17:47:54.0765 3516 dmboot - ok 17:47:54.0796 3516 [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 17:47:54.0796 3516 dmio - ok 17:47:54.0828 3516 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 17:47:54.0828 3516 dmload - ok 17:47:54.0859 3516 [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver C:\WINDOWS\System32\dmserver.dll 17:47:54.0859 3516 dmserver - ok 17:47:54.0921 3516 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 17:47:54.0921 3516 DMusic - ok 17:47:54.0968 3516 [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 17:47:54.0968 3516 Dnscache - ok 17:47:54.0984 3516 dpti2o - ok 17:47:55.0000 3516 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 17:47:55.0000 3516 drmkaud - ok 17:47:55.0062 3516 [ C6ACA0190EE7B614673EE0C91863B1EB ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys 17:47:55.0062 3516 eabfiltr - ok 17:47:55.0109 3516 [ DA1011DB09AD641DE40CD5CCA70C0C43 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys 17:47:55.0109 3516 eabusb - ok 17:47:55.0140 3516 [ 877A4512CC9074D6954776AF47021766 ] ERSvc C:\WINDOWS\System32\ersvc.dll 17:47:55.0140 3516 ERSvc - ok 17:47:55.0203 3516 [ A07CA23EA361A01E627D911CF139B950 ] Eventlog C:\WINDOWS\system32\services.exe 17:47:55.0203 3516 Eventlog - ok 17:47:55.0265 3516 [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem C:\WINDOWS\system32\es.dll 17:47:55.0265 3516 EventSystem - ok 17:47:55.0296 3516 [ 
3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 17:47:55.0312 3516 Fastfat - ok 17:47:55.0359 3516 [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 17:47:55.0359 3516 FastUserSwitchingCompatibility - ok 17:47:55.0375 3516 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 17:47:55.0375 3516 Fdc - ok 17:47:55.0421 3516 [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 17:47:55.0421 3516 Fips - ok 17:47:55.0468 3516 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 17:47:55.0468 3516 Flpydisk - ok 17:47:55.0515 3516 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 17:47:55.0531 3516 FltMgr - ok 17:47:55.0546 3516 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 17:47:55.0546 3516 Fs_Rec - ok 17:47:55.0562 3516 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 17:47:55.0578 3516 Ftdisk - ok 17:47:55.0609 3516 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys 17:47:55.0609 3516 ggflt - ok 17:47:55.0671 3516 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys 17:47:55.0671 3516 ggsemc - ok 17:47:55.0734 3516 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 17:47:55.0734 3516 Gpc - ok 17:47:55.0906 3516 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 17:47:55.0906 3516 gusvc - ok 17:47:56.0046 3516 [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 17:47:56.0046 3516 helpsvc - ok 17:47:56.0062 3516 HidServ - ok 17:47:56.0093 3516 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 17:47:56.0093 3516 HidUsb - ok 17:47:56.0171 3516 [ 763EF3C04A07E9155989336CBE166AB0 ] 
HotSpotFSvc C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe 17:47:56.0187 3516 HotSpotFSvc - ok 17:47:56.0203 3516 hpn - ok 17:47:56.0328 3516 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll 17:47:56.0343 3516 hpqcxs08 - ok 17:47:56.0375 3516 [ 3EE4A63539EC04EE2D4BD293985087AB ] hpqddsvc C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll 17:47:56.0390 3516 hpqddsvc - ok 17:47:56.0468 3516 [ 16CF6F0847C36FF3A85930ECBC4D3C43 ] hpqwmiex C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe 17:47:56.0468 3516 hpqwmiex - ok 17:47:56.0515 3516 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 17:47:56.0531 3516 HPZid412 - ok 17:47:56.0578 3516 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 17:47:56.0578 3516 HPZipr12 - ok 17:47:56.0609 3516 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 17:47:56.0609 3516 HPZius12 - ok 17:47:56.0671 3516 [ 14794F142BEFC962AB142584607A6631 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys 17:47:56.0687 3516 HSFHWATI - ok 17:47:56.0765 3516 [ F99BB4E2B462198B2B0A82D0949F0C41 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 17:47:56.0796 3516 HSF_DP - ok 17:47:56.0906 3516 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 17:47:56.0906 3516 HTTP - ok 17:47:56.0953 3516 [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 17:47:56.0968 3516 HTTPFilter - ok 17:47:56.0984 3516 i2omgmt - ok 17:47:57.0000 3516 i2omp - ok 17:47:57.0046 3516 [ 7C575018D0413440D75432A78B88C899 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 17:47:57.0062 3516 i8042prt - ok 17:47:57.0171 3516 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:47:57.0171 3516 IDriverT - ok 17:47:57.0234 3516 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi 
C:\WINDOWS\system32\DRIVERS\imapi.sys 17:47:57.0234 3516 Imapi - ok 17:47:57.0312 3516 [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService C:\WINDOWS\system32\imapi.exe 17:47:57.0312 3516 ImapiService - ok 17:47:57.0375 3516 [ 379748C22736CE97247FEB4B311E7DE5 ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys 17:47:57.0390 3516 InCDfs - ok 17:47:57.0406 3516 [ CDC98D9FF11DC8A88D99370F0786005E ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys 17:47:57.0406 3516 InCDPass - ok 17:47:57.0453 3516 [ 20CBCB4CE7F23DF4E8AD09B8F31A4B78 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys 17:47:57.0453 3516 InCDrec - ok 17:47:57.0468 3516 [ 79774F35DDF9107F05C8021BB2242798 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys 17:47:57.0468 3516 incdrm - ok 17:47:57.0531 3516 InCDsrvR - ok 17:47:57.0562 3516 ini910u - ok 17:47:57.0593 3516 [ D63C33F65F6EBC732116403D88883B2D ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 17:47:57.0593 3516 IntelIde - ok 17:47:57.0625 3516 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 17:47:57.0625 3516 Ip6Fw - ok 17:47:57.0656 3516 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 17:47:57.0656 3516 IpFilterDriver - ok 17:47:57.0687 3516 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 17:47:57.0687 3516 IpInIp - ok 17:47:57.0750 3516 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 17:47:57.0750 3516 IpNat - ok 17:47:57.0765 3516 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 17:47:57.0781 3516 IPSec - ok 17:47:57.0812 3516 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 17:47:57.0812 3516 IRENUM - ok 17:47:57.0828 3516 [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 17:47:57.0828 3516 isapnp - ok 17:47:57.0968 3516 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService 
C:\Programme\Java\jre6\bin\jqs.exe 17:47:57.0968 3516 JavaQuickStarterService - ok 17:47:58.0031 3516 [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 17:47:58.0031 3516 Kbdclass - ok 17:47:58.0078 3516 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 17:47:58.0078 3516 kmixer - ok 17:47:58.0125 3516 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 17:47:58.0125 3516 KSecDD - ok 17:47:58.0187 3516 [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 17:47:58.0187 3516 lanmanserver - ok 17:47:58.0234 3516 [ BA5857CA62E866CADDCFD3635D0990BC ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 17:47:58.0234 3516 lanmanworkstation - ok 17:47:58.0250 3516 lbrtfdc - ok 17:47:58.0312 3516 [ 258CACA1DAADE43978E2ECC9BDC94E1C ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 17:47:58.0312 3516 LightScribeService - ok 17:47:58.0359 3516 [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 17:47:58.0375 3516 LmHosts - ok 17:47:58.0453 3516 [ E949D673842858D458F7E6BCD46A2A5D ] MACNDIS5 C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS 17:47:58.0453 3516 MACNDIS5 - ok 17:47:58.0515 3516 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 17:47:58.0515 3516 MBAMProtector - ok 17:47:58.0609 3516 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 17:47:58.0640 3516 MBAMService - ok 17:47:58.0671 3516 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 17:47:58.0671 3516 mdmxsdk - ok 17:47:58.0734 3516 [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger C:\WINDOWS\System32\msgsvc.dll 17:47:58.0734 3516 Messenger - ok 17:47:58.0781 3516 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 17:47:58.0796 3516 mnmdd - ok 17:47:58.0859 3516 [ 
BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 17:47:58.0859 3516 mnmsrvc - ok 17:47:58.0906 3516 [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 17:47:58.0921 3516 Modem - ok 17:47:58.0937 3516 [ 71E15CA47FD947552054AFB28536268F ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 17:47:58.0937 3516 Mouclass - ok 17:47:59.0000 3516 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 17:47:59.0000 3516 mouhid - ok 17:47:59.0015 3516 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 17:47:59.0015 3516 MountMgr - ok 17:47:59.0078 3516 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 17:47:59.0078 3516 MozillaMaintenance - ok 17:47:59.0093 3516 mraid35x - ok 17:47:59.0140 3516 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 17:47:59.0140 3516 MRxDAV - ok 17:47:59.0203 3516 [ 6F2D483B97B395544E59749C47963C6A ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 17:47:59.0203 3516 MRxSmb - ok 17:47:59.0218 3516 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 17:47:59.0218 3516 Msfs - ok 17:47:59.0234 3516 MSIServer - ok 17:47:59.0281 3516 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 17:47:59.0281 3516 MSKSSRV - ok 17:47:59.0296 3516 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 17:47:59.0312 3516 MSPCLOCK - ok 17:47:59.0328 3516 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 17:47:59.0328 3516 MSPQM - ok 17:47:59.0359 3516 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 17:47:59.0359 3516 mssmbios - ok 17:47:59.0375 3516 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 17:47:59.0375 3516 Mup - ok 17:47:59.0453 3516 [ 
5F9BA398F88FC8928EA6DBD5D144CFCA ] MZCCntrl C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe 17:47:59.0453 3516 MZCCntrl - ok 17:47:59.0484 3516 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 17:47:59.0484 3516 NDIS - ok 17:47:59.0515 3516 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 17:47:59.0515 3516 NdisTapi - ok 17:47:59.0578 3516 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 17:47:59.0578 3516 Ndisuio - ok 17:47:59.0593 3516 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 17:47:59.0593 3516 NdisWan - ok 17:47:59.0609 3516 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 17:47:59.0625 3516 NDProxy - ok 17:47:59.0656 3516 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll 17:47:59.0671 3516 Net Driver HPZ12 - ok 17:47:59.0687 3516 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 17:47:59.0687 3516 NetBIOS - ok 17:47:59.0718 3516 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 17:47:59.0718 3516 NetBT - ok 17:47:59.0765 3516 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE C:\WINDOWS\system32\netdde.exe 17:47:59.0765 3516 NetDDE - ok 17:47:59.0781 3516 [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 17:47:59.0781 3516 NetDDEdsdm - ok 17:47:59.0828 3516 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon C:\WINDOWS\system32\lsass.exe 17:47:59.0843 3516 Netlogon - ok 17:47:59.0906 3516 [ 1E5218FBE323C375B488318950E10FB4 ] Netman C:\WINDOWS\System32\netman.dll 17:47:59.0921 3516 Netman - ok 17:47:59.0968 3516 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 17:47:59.0968 3516 NIC1394 - ok 17:48:00.0015 3516 [ 774274C487493452DF3B0126DBE7FF3B ] Nla C:\WINDOWS\System32\mswsock.dll 17:48:00.0031 3516 Nla - ok 
17:48:00.0046 3516 [ 60CF8C7192B3614F240838DDBAA4A245 ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys 17:48:00.0046 3516 nm - ok 17:48:00.0078 3516 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 17:48:00.0078 3516 Npfs - ok 17:48:00.0140 3516 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 17:48:00.0140 3516 Ntfs - ok 17:48:00.0156 3516 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 17:48:00.0171 3516 NtLmSsp - ok 17:48:00.0203 3516 [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 17:48:00.0218 3516 NtmsSvc - ok 17:48:00.0250 3516 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 17:48:00.0250 3516 Null - ok 17:48:00.0281 3516 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 17:48:00.0281 3516 NwlnkFlt - ok 17:48:00.0312 3516 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 17:48:00.0312 3516 NwlnkFwd - ok 17:48:00.0343 3516 [ 197DDF60B254A84D8656850397B5F923 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 17:48:00.0343 3516 ohci1394 - ok 17:48:00.0375 3516 [ B2F17A2EDB5450E61973A037F63A595B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 17:48:00.0375 3516 Parport - ok 17:48:00.0390 3516 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 17:48:00.0390 3516 PartMgr - ok 17:48:00.0406 3516 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 17:48:00.0406 3516 ParVdm - ok 17:48:00.0468 3516 [ 5BBBFFEB0250371B539386D2C902976F ] PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS 17:48:00.0468 3516 Suspicious file (NoAccess): C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS. 
md5: 5BBBFFEB0250371B539386D2C902976F 17:48:00.0468 3516 PCANDIS5 ( LockedFile.Multi.Generic ) - warning 17:48:00.0468 3516 PCANDIS5 - detected LockedFile.Multi.Generic (1) 17:48:00.0484 3516 [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 17:48:00.0484 3516 PCI - ok 17:48:00.0500 3516 PCIDump - ok 17:48:00.0515 3516 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 17:48:00.0515 3516 PCIIde - ok 17:48:00.0546 3516 [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 17:48:00.0546 3516 Pcmcia - ok 17:48:00.0562 3516 PDCOMP - ok 17:48:00.0578 3516 PDFRAME - ok 17:48:00.0593 3516 PDRELI - ok 17:48:00.0609 3516 PDRFRAME - ok 17:48:00.0625 3516 perc2 - ok 17:48:00.0640 3516 perc2hib - ok 17:48:00.0781 3516 [ 9B03B2D34D46F88638D51066531D08DC ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe 17:48:00.0781 3516 PLFlash DeviceIoControl Service - ok 17:48:00.0812 3516 [ A07CA23EA361A01E627D911CF139B950 ] PlugPlay C:\WINDOWS\system32\services.exe 17:48:00.0812 3516 PlugPlay - ok 17:48:00.0875 3516 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll 17:48:00.0875 3516 Pml Driver HPZ12 - ok 17:48:00.0906 3516 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 17:48:00.0906 3516 PolicyAgent - ok 17:48:00.0937 3516 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 17:48:00.0937 3516 PptpMiniport - ok 17:48:00.0953 3516 [ F04317FB351B75233979DC65D4CEAD54 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 17:48:00.0968 3516 Processor - ok 17:48:00.0968 3516 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 17:48:00.0984 3516 ProtectedStorage - ok 17:48:01.0000 3516 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 17:48:01.0000 3516 PSched - ok 17:48:01.0015 3516 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] 
Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 17:48:01.0015 3516 Ptilink - ok 17:48:01.0062 3516 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 17:48:01.0062 3516 PxHelp20 - ok 17:48:01.0078 3516 ql1080 - ok 17:48:01.0093 3516 Ql10wnt - ok 17:48:01.0109 3516 ql12160 - ok 17:48:01.0125 3516 ql1240 - ok 17:48:01.0140 3516 ql1280 - ok 17:48:01.0171 3516 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 17:48:01.0171 3516 RasAcd - ok 17:48:01.0203 3516 [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto C:\WINDOWS\System32\rasauto.dll 17:48:01.0218 3516 RasAuto - ok 17:48:01.0234 3516 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys 17:48:01.0234 3516 Rasirda - ok 17:48:01.0250 3516 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 17:48:01.0250 3516 Rasl2tp - ok 17:48:01.0312 3516 [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan C:\WINDOWS\System32\rasmans.dll 17:48:01.0312 3516 RasMan - ok 17:48:01.0343 3516 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 17:48:01.0343 3516 RasPppoe - ok 17:48:01.0375 3516 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 17:48:01.0375 3516 Raspti - ok 17:48:01.0421 3516 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 17:48:01.0437 3516 Rdbss - ok 17:48:01.0484 3516 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 17:48:01.0484 3516 RDPCDD - ok 17:48:01.0546 3516 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 17:48:01.0546 3516 RDPWD - ok 17:48:01.0609 3516 [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 17:48:01.0609 3516 RDSessMgr - ok 17:48:01.0656 3516 [ AA56702E230860565CB8D43680F57F33 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 17:48:01.0656 3516 redbook - ok 17:48:01.0703 3516 [ 
EBA80CDF25E02084857957E820004934 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 17:48:01.0718 3516 RemoteAccess - ok 17:48:01.0734 3516 [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator C:\WINDOWS\system32\locator.exe 17:48:01.0734 3516 RpcLocator - ok 17:48:01.0796 3516 [ 8AFBC2E1E5555A1C29953AF854F0FCA5 ] RpcSs C:\WINDOWS\system32\rpcss.dll 17:48:01.0796 3516 RpcSs - ok 17:48:01.0843 3516 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 17:48:01.0859 3516 RSVP - ok 17:48:01.0906 3516 [ 7889E3981E0A5D347E037ABD467D53A5 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 17:48:01.0906 3516 RTL8023xp - ok 17:48:01.0968 3516 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\WINDOWS\system32\DRIVERS\s0016bus.sys 17:48:01.0968 3516 s0016bus - ok 17:48:02.0031 3516 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys 17:48:02.0031 3516 s0016mdfl - ok 17:48:02.0093 3516 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\WINDOWS\system32\DRIVERS\s0016mdm.sys 17:48:02.0093 3516 s0016mdm - ok 17:48:02.0140 3516 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys 17:48:02.0156 3516 s0016mgmt - ok 17:48:02.0171 3516 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\WINDOWS\system32\DRIVERS\s0016nd5.sys 17:48:02.0171 3516 s0016nd5 - ok 17:48:02.0234 3516 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\WINDOWS\system32\DRIVERS\s0016obex.sys 17:48:02.0234 3516 s0016obex - ok 17:48:02.0265 3516 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\WINDOWS\system32\DRIVERS\s0016unic.sys 17:48:02.0265 3516 s0016unic - ok 17:48:02.0312 3516 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus C:\WINDOWS\system32\DRIVERS\s0017bus.sys 17:48:02.0312 3516 s0017bus - ok 17:48:02.0359 3516 [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys 17:48:02.0359 3516 s0017mdfl - ok 17:48:02.0390 3516 [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm 
C:\WINDOWS\system32\DRIVERS\s0017mdm.sys 17:48:02.0390 3516 s0017mdm - ok 17:48:02.0406 3516 [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys 17:48:02.0421 3516 s0017mgmt - ok 17:48:02.0453 3516 [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5 C:\WINDOWS\system32\DRIVERS\s0017nd5.sys 17:48:02.0453 3516 s0017nd5 - ok 17:48:02.0484 3516 [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex C:\WINDOWS\system32\DRIVERS\s0017obex.sys 17:48:02.0484 3516 s0017obex - ok 17:48:02.0515 3516 [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic C:\WINDOWS\system32\DRIVERS\s0017unic.sys 17:48:02.0515 3516 s0017unic - ok 17:48:02.0562 3516 [ 1F561844318914E7EB6E54673A4CC54C ] s117bus C:\WINDOWS\system32\DRIVERS\s117bus.sys 17:48:02.0562 3516 s117bus - ok 17:48:02.0609 3516 [ BA93EEC3CDF6A63B77AE66221AA4F902 ] s117mdfl C:\WINDOWS\system32\DRIVERS\s117mdfl.sys 17:48:02.0609 3516 s117mdfl - ok 17:48:02.0625 3516 [ CBA12FD8A8EE5B5CDFBBAE2381CD6703 ] s117mdm C:\WINDOWS\system32\DRIVERS\s117mdm.sys 17:48:02.0625 3516 s117mdm - ok 17:48:02.0687 3516 [ BD6483E64B1DA17E812B34BCDEFD9459 ] s117mgmt C:\WINDOWS\system32\DRIVERS\s117mgmt.sys 17:48:02.0687 3516 s117mgmt - ok 17:48:02.0750 3516 [ C7CA36C3054B4CD47A1F6611B046E2F9 ] s117nd5 C:\WINDOWS\system32\DRIVERS\s117nd5.sys 17:48:02.0750 3516 s117nd5 - ok 17:48:02.0781 3516 [ E290B3A6B58FB72CA97DD48D64E4FC1C ] s117obex C:\WINDOWS\system32\DRIVERS\s117obex.sys 17:48:02.0796 3516 s117obex - ok 17:48:02.0843 3516 [ 5C4D1BA23C7511AC880E8BA7BAA80DBA ] s117unic C:\WINDOWS\system32\DRIVERS\s117unic.sys 17:48:02.0843 3516 s117unic - ok 17:48:02.0890 3516 [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs C:\WINDOWS\system32\lsass.exe 17:48:02.0890 3516 SamSs - ok 17:48:02.0953 3516 [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 17:48:02.0968 3516 SCardSvr - ok 17:48:03.0015 3516 [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule C:\WINDOWS\system32\schedsvc.dll 17:48:03.0015 3516 Schedule - ok 
17:48:03.0078 3516 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 17:48:03.0078 3516 sdbus - ok 17:48:03.0125 3516 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 17:48:03.0125 3516 Secdrv - ok 17:48:03.0156 3516 [ FED544B43903FB801B106F062110358A ] seclogon C:\WINDOWS\System32\seclogon.dll 17:48:03.0156 3516 seclogon - ok 17:48:03.0187 3516 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys 17:48:03.0203 3516 seehcri - ok 17:48:03.0218 3516 [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS C:\WINDOWS\system32\sens.dll 17:48:03.0218 3516 SENS - ok 17:48:03.0250 3516 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 17:48:03.0250 3516 serenum - ok 17:48:03.0296 3516 [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 17:48:03.0296 3516 Serial - ok 17:48:03.0328 3516 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 17:48:03.0328 3516 Sfloppy - ok 17:48:03.0359 3516 [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 17:48:03.0359 3516 ShellHWDetection - ok 17:48:03.0375 3516 Simbad - ok 17:48:03.0437 3516 [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys 17:48:03.0437 3516 SMCIRDA - ok 17:48:03.0531 3516 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 17:48:03.0546 3516 Sony Ericsson PCCompanion - ok 17:48:03.0562 3516 Sparrow - ok 17:48:03.0593 3516 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 17:48:03.0593 3516 splitter - ok 17:48:03.0656 3516 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe 17:48:03.0656 3516 Spooler - ok 17:48:03.0671 3516 [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 17:48:03.0687 3516 sr - ok 
17:48:03.0750 3516 [ E150E7618328562598F4CE0B5851B5CD ] srservice C:\WINDOWS\system32\srsvc.dll 17:48:03.0750 3516 srservice - ok 17:48:03.0796 3516 [ AB9C79ED12D65E800AAAD3D72A04792F ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 17:48:03.0812 3516 Srv - ok 17:48:03.0906 3516 [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 17:48:03.0906 3516 SSDPSRV - ok 17:48:03.0984 3516 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 17:48:03.0984 3516 ssmdrv - ok 17:48:04.0031 3516 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 17:48:04.0046 3516 StillCam - ok 17:48:04.0109 3516 [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc C:\WINDOWS\system32\wiaservc.dll 17:48:04.0125 3516 stisvc - ok 17:48:04.0187 3516 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 17:48:04.0187 3516 swenum - ok 17:48:04.0234 3516 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 17:48:04.0234 3516 swmidi - ok 17:48:04.0250 3516 SwPrv - ok 17:48:04.0265 3516 symc810 - ok 17:48:04.0296 3516 symc8xx - ok 17:48:04.0312 3516 sym_hi - ok 17:48:04.0328 3516 sym_u3 - ok 17:48:04.0468 3516 [ F484C77F748729129D5CC9C965D9F701 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 17:48:04.0468 3516 SynTP - ok 17:48:04.0500 3516 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 17:48:04.0500 3516 sysaudio - ok 17:48:04.0546 3516 [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 17:48:04.0546 3516 SysmonLog - ok 17:48:04.0609 3516 [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 17:48:04.0625 3516 TapiSrv - ok 17:48:04.0671 3516 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 17:48:04.0687 3516 Tcpip - ok 17:48:04.0718 3516 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 17:48:04.0718 3516 TDPIPE - ok 
17:48:04.0812 3516 [ 73BD16CD305E9F8FD837E92AC3FA9085 ] TDslMgrService C:\Programme\T-DSL Manager\DslMgrSvc.exe 17:48:04.0812 3516 TDslMgrService - ok 17:48:04.0828 3516 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 17:48:04.0828 3516 TDTCP - ok 17:48:04.0890 3516 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 17:48:04.0890 3516 TermDD - ok 17:48:05.0015 3516 [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService C:\WINDOWS\System32\termsrv.dll 17:48:05.0031 3516 TermService - ok 17:48:05.0062 3516 [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes C:\WINDOWS\System32\shsvcs.dll 17:48:05.0078 3516 Themes - ok 17:48:05.0140 3516 [ 9179E07503630D6FB2E4162FF0196191 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys 17:48:05.0140 3516 tifm21 - ok 17:48:05.0156 3516 TosIde - ok 17:48:05.0203 3516 [ A34E894201D66E380E1FA96FE11B587E ] TrkWks C:\WINDOWS\system32\trkwks.dll 17:48:05.0203 3516 TrkWks - ok 17:48:05.0234 3516 [ 50199A89D61B3B1C5CB123182C40B2A4 ] TSMPacket C:\WINDOWS\system32\DRIVERS\tsmpkt.sys 17:48:05.0234 3516 TSMPacket - ok 17:48:05.0296 3516 [ EDFAE2D486DEE378ACD90348221CAA79 ] TSMService C:\Programme\T-DSL SpeedManager\TSMSvc.exe 17:48:05.0296 3516 TSMService - ok 17:48:05.0359 3516 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 17:48:05.0375 3516 Udfs - ok 17:48:05.0390 3516 ultra - ok 17:48:05.0437 3516 [ 931E8CAFCAA536E8252CD7A375FF9794 ] UMAXPCLS C:\WINDOWS\system32\DRIVERS\umaxpcls.sys 17:48:05.0437 3516 UMAXPCLS - ok 17:48:05.0484 3516 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 17:48:05.0484 3516 Update - ok 17:48:05.0546 3516 [ 855790C1BACED245A6B210AF430ED17B ] upnphost C:\WINDOWS\System32\upnphost.dll 17:48:05.0562 3516 upnphost - ok 17:48:05.0578 3516 [ A99F867E76CFDAA28EE305B93F70E84F ] UPS C:\WINDOWS\System32\ups.exe 17:48:05.0578 3516 UPS - ok 17:48:05.0609 3516 usb2vcom - ok 17:48:05.0671 3516 [ 
BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 17:48:05.0671 3516 usbccgp - ok 17:48:05.0703 3516 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 17:48:05.0703 3516 usbehci - ok 17:48:05.0750 3516 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 17:48:05.0750 3516 usbhub - ok 17:48:05.0828 3516 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 17:48:05.0828 3516 usbohci - ok 17:48:05.0890 3516 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 17:48:05.0890 3516 usbprint - ok 17:48:05.0984 3516 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 17:48:05.0984 3516 usbscan - ok 17:48:06.0046 3516 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 17:48:06.0046 3516 USBSTOR - ok 17:48:06.0093 3516 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 17:48:06.0093 3516 usbuhci - ok 17:48:06.0218 3516 [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc C:\Programme\Windows Live\Messenger\usnsvc.exe 17:48:06.0218 3516 usnjsvc - ok 17:48:06.0265 3516 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 17:48:06.0265 3516 VgaSave - ok 17:48:06.0328 3516 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 17:48:06.0328 3516 ViaIde - ok 17:48:06.0343 3516 [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 17:48:06.0343 3516 VolSnap - ok 17:48:06.0437 3516 [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS C:\WINDOWS\System32\vssvc.exe 17:48:06.0453 3516 VSS - ok 17:48:06.0500 3516 [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time C:\WINDOWS\system32\w32time.dll 17:48:06.0500 3516 W32Time - ok 17:48:06.0546 3516 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 17:48:06.0546 3516 Wanarp - ok 
17:48:06.0625 3516 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 17:48:06.0640 3516 Wdf01000 - ok 17:48:06.0656 3516 WDICA - ok 17:48:06.0703 3516 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 17:48:06.0703 3516 wdmaud - ok 17:48:06.0765 3516 [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient C:\WINDOWS\System32\webclnt.dll 17:48:06.0781 3516 WebClient - ok 17:48:06.0921 3516 [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 17:48:06.0984 3516 winachsf - ok 17:48:07.0125 3516 [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 17:48:07.0125 3516 winmgmt - ok 17:48:07.0312 3516 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Programme\Windows Live\installer\WLSetupSvc.exe 17:48:07.0312 3516 WLSetupSvc - ok 17:48:07.0359 3516 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 17:48:07.0359 3516 WmdmPmSN - ok 17:48:07.0421 3516 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 17:48:07.0421 3516 WmiAcpi - ok 17:48:07.0468 3516 [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 17:48:07.0468 3516 WmiApSrv - ok 17:48:07.0609 3516 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 17:48:07.0640 3516 WMPNetworkSvc - ok 17:48:07.0687 3516 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 17:48:07.0687 3516 WpdUsb - ok 17:48:07.0765 3516 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 17:48:07.0765 3516 WudfPf - ok 17:48:07.0796 3516 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 17:48:07.0812 3516 WudfRd - ok 17:48:07.0843 3516 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 17:48:07.0843 3516 WudfSvc - ok 17:48:07.0937 3516 [ AE83ADA96575DACF533C2BCB1FC163DC ] 
WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:48:07.0953 3516 WZCSVC - ok
17:48:08.0000 3516 [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:48:08.0015 3516 xmlprov - ok
17:48:08.0078 3516 ================ Scan global ===============================
17:48:08.0109 3516 [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
17:48:08.0171 3516 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
17:48:08.0203 3516 [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
17:48:08.0234 3516 [ A07CA23EA361A01E627D911CF139B950 ] C:\WINDOWS\system32\services.exe
17:48:08.0234 3516 [Global] - ok
17:48:08.0234 3516 ================ Scan MBR ==================================
17:48:08.0265 3516 [ 5AE5A393505CFFD37FE98C4A7922908D ] \Device\Harddisk0\DR0
17:48:08.0515 3516 \Device\Harddisk0\DR0 - ok
17:48:08.0531 3516 ================ Scan VBR ==================================
17:48:08.0546 3516 [ 583CFBBCB720224C6B48160BF8576250 ] \Device\Harddisk0\DR0\Partition1
17:48:08.0546 3516 \Device\Harddisk0\DR0\Partition1 - ok
17:48:08.0562 3516 [ CCF6D8B0A0FE45C0AF86AA1533D43CE0 ] \Device\Harddisk0\DR0\Partition2
17:48:08.0562 3516 \Device\Harddisk0\DR0\Partition2 - ok
17:48:08.0562 3516 ============================================================
17:48:08.0562 3516 Scan finished
17:48:08.0562 3516 ============================================================
17:48:08.0593 3228 Detected object count: 1
17:48:08.0593 3228 Actual detected object count: 1
17:48:14.0984 3228 PCANDIS5 ( LockedFile.Multi.Generic ) - skipped by user
17:48:14.0984 3228 PCANDIS5 ( LockedFile.Multi.Generic ) - User select action: Skip
Thanks
#20
/// Winkelfunktion /// TB-Süch-Tiger™
The AUTOEXEC should be fine to delete. Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run if a helper has expressly recommended it! If you have problems starting applications after running Combofix and get messages such as Quote:
#21
Code:
ATTFilter Combofix Logfile:
Thanks
#22
/// Winkelfunktion /// TB-Süch-Tiger™
Install SP3/IE8 for Windows XP (32-bit)
When setting up IE8, again make sure that as many programs as possible have been closed beforehand and that the virus scanner has been disabled. In the setup itself, please do not take part in the improvement program (or whatever MS calls it) and also do NOT install any updates via the setup. We'll install those later; I'll tell you how then. Let me know when IE8 is installed.
#23
SP3 and IE8 are installed. Thanks, Annettsche
#24
/// Winkelfunktion /// TB-Süch-Tiger™
Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
#25
GMER
GMER Logfile:
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-07 14:29:28 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541080G9AT00 rev.MB4OA60A Running: fqj3ld8i.exe; Driver: C:\DOKUME~1\Droge\LOKALE~1\Temp\fgldrpow.sys ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) ---- EOF - GMER 1.0.15 ---- OSAM Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:37:52 on 07.09.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "WACntlPnl.cpl" - "Hewlett-Packard Development Company, L.P." - C:\WINDOWS\system32\WACntlPnl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl "Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "eabconfg.cpl" - "Hewlett-Packard" - C:\Programme\HPQ\Quick Launch Buttons\EABCONFG.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "fgldrpow" (fgldrpow) - ? - C:\DOKUME~1\Droge\LOKALE~1\Temp\fgldrpow.sys (Hidden registry entry, rootkit activity | File not found) "i2omgmt" (i2omgmt) - ? 
- C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "InCD File System" (InCDfs) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDfs.sys "InCD Reader" (incdrm) - "Nero AG" - C:\WINDOWS\system32\drivers\incdrm.sys "InCDPass" (InCDPass) - "Nero AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys "InCDrec" (InCDrec) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDrec.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS (File is exclusively opened, access blocked) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "T-DSL Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys "USB to Serial Bridge Controller" (usb2vcom) - ? - C:\WINDOWS\System32\Drivers\usb2vcom.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." 
- C:\WINDOWS\System32\Drivers\btwusb.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- deskpan.dll (File not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\fsshext.8.5.1302.1018.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL {950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Nero AG" - C:\Programme\Ahead\InCD\incdshx.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{C4069E3A-68F1-403E-B40E-20066696354B}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_02\bin\npjpi160_02.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "PopCapLoader Object" - ? - C:\WINDOWS\Downloaded Program Files\popcaploader.dll (File not found) / hxxp://download-spiele.de.pogo.com/online2/pogo/zuma/popcaploader_v10_de.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {A93C41D8-01F8-4F8B-B14C-DE20B117E636} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll {E763472E-A716-4CD9-89BD-DBDA6122F741} "HP Sammelmappe" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {053F9267-DC04-4294-A72C-58F732D338C0} "HP Print Clips" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." 
- C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "HP Photosmart Premier – Schnellstart.lnk" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Droge\Startmenü\Programme\Autostart\desktop.ini "T-DSL Manager.lnk" - "T-Systems" - C:\Programme\T-DSL Manager\DslMgr.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" "SJelite3Launch" - ? - C:\Dokumente und Einstellungen\Droge\Anwendungsdaten\Transcend\SJelite3\SJelite3Launch.exe (File found, but it contains no detailed information) "Sony Ericsson PC Companion" - "Sony Ericsson" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background "swg" - "Google Inc." 
- "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" "ATIPTA" - "ATI Technologies, Inc." - "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" "Cpqset" - ? - C:\Programme\HPQ\Default Settings\cpqset.exe (File found, but it contains no detailed information) "eabconfg.cpl" - "Hewlett-Packard " - C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe /Start "HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe "ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup "ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe "QPService" - "CyberLink Corp." - "C:\Programme\HP\QuickPlay\QPService.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "RecGuard" - ? - C:\Windows\SMINST\RecGuard.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "T-DSL SpeedMgr" - "T-Systems Business Services" - "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Active File Monitor V4" (AdobeActiveFileMonitor4.0) - ? 
- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Statusdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Hotspot Manager" (HotSpotFSvc) - "T-Systems Enterprise Services GmbH" - C:\Programme\Gemeinsame Dateien\T-COM\HotspotMgr\HotSpotFSvc.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe "InCD Helper (read only)" (InCDsrvR) - "Nero AG" - C:\Programme\Ahead\InCD\InCDsrv.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." 
- C:\WINDOWS\system32\IoctlSvc.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll "Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe "T-DSL Manager" (TDslMgrService) - "T-Systems" - C:\Programme\T-DSL Manager\DslMgrSvc.exe "T-DSL SpeedManager" (TSMService) - "T-Systems Business Services" - C:\Programme\T-DSL SpeedManager\TSMSvc.exe "T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - "Goldshell Digital Media" - C:\WINDOWS\KEINOH~1.SCR -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
```
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 14:39:32
-----------------------------
14:39:32.093 OS Version: Windows 5.1.2600 Service Pack 3
14:39:32.093 Number of processors: 1 586 0x2402
14:39:32.093 ComputerName: ANNETTE UserName: Droge
14:39:32.609 Initialize success
14:41:32.421 AVAST engine defs: 12090700
14:42:00.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:42:00.796 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
14:42:00.906 Disk 0 MBR read successfully
14:42:00.906 Disk 0 MBR scan
14:42:01.015 Disk 0 unknown MBR code
14:42:01.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
14:42:01.093 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
14:42:01.156 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
14:42:01.250 Disk 0 scanning sectors +156296385
14:42:01.640 Disk 0 scanning C:\WINDOWS\system32\drivers
14:42:59.218 Service scanning
14:43:14.937 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
14:43:28.109 Modules scanning
14:44:17.093 Disk 0 trace - called modules:
14:44:17.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:44:17.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855941f0]
14:44:17.156 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\0000007a[0x855509e8]
14:44:17.171 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x855c9d98]
14:44:17.609 AVAST engine scan C:\WINDOWS
14:45:17.250 AVAST engine scan C:\WINDOWS\system32
14:53:06.171 AVAST engine scan C:\WINDOWS\system32\drivers
14:54:14.531 AVAST engine scan C:\Dokumente und Einstellungen\Droge
15:24:46.312 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\MBR.dat"
15:24:46.328 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-07.txt"
```

Annettsche

Here is aswMBR once more, with "Scan finished successfully"

Code:
```
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-07 16:25:43
-----------------------------
16:25:43.750 OS Version: Windows 5.1.2600 Service Pack 3
16:25:43.750 Number of processors: 1 586 0x2402
16:25:43.750 ComputerName: ANNETTE UserName: Droge
16:25:44.484 Initialize success
16:25:57.546 AVAST engine defs: 12090700
16:26:00.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:26:00.109 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
16:26:00.140 Disk 0 MBR read successfully
16:26:00.140 Disk 0 MBR scan
16:26:00.203 Disk 0 unknown MBR code
16:26:00.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
16:26:00.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
16:26:00.234 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
16:26:00.250 Disk 0 scanning sectors +156296385
16:26:00.296 Disk 0 scanning C:\WINDOWS\system32\drivers
16:26:19.937 Service scanning
16:26:35.312 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
16:26:47.718 Modules scanning
16:26:59.312 Disk 0 trace - called modules:
16:26:59.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:26:59.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855941f0]
16:26:59.375 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\0000007a[0x855509e8]
16:26:59.375 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x855c9d98]
16:26:59.750 AVAST engine scan C:\WINDOWS
16:27:20.890 AVAST engine scan C:\WINDOWS\system32
16:29:56.250 AVAST engine scan C:\WINDOWS\system32\drivers
16:30:17.828 AVAST engine scan C:\Dokumente und Einstellungen\Droge
16:46:55.828 AVAST engine scan C:\Dokumente und Einstellungen\All Users
16:48:19.203 Scan finished successfully
16:53:25.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\MBR.dat"
16:53:25.812 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-07_01.txt"
```
#26

/// Winkelfunktion /// TB-Süch-Tiger™

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.

After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.

__________________
Please always post logfiles in CODE tags

#27

Is it normal that it went really fast? I did it twice in a row right away. The log directly after the FixMBR:

Code:
```
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-10 18:11:04
-----------------------------
18:11:04.062 OS Version: Windows 5.1.2600 Service Pack 3
18:11:04.062 Number of processors: 1 586 0x2402
18:11:04.062 ComputerName: ANNETTE UserName: Droge
18:11:04.515 Initialize success
18:11:27.515 AVAST engine defs: 12090700
18:11:33.187 Verifying
18:11:43.187 Disk 0 Windows 501 MBR fixed successfully
18:13:11.984 Verifying
18:13:22.000 Disk 0 Windows 501 MBR fixed successfully
18:14:29.359 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\MBR.dat"
18:14:29.359 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-10.txt"
```

Code:
```
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-10 18:21:26
-----------------------------
18:21:26.390 OS Version: Windows 5.1.2600 Service Pack 3
18:21:26.390 Number of processors: 1 586 0x2402
18:21:26.390 ComputerName: ANNETTE UserName: Droge
18:21:55.125 Initialize success
18:22:27.968 AVAST engine defs: 12090700
18:22:42.968 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-10_01.txt"
```
#28

/// Winkelfunktion /// TB-Süch-Tiger™

Why twice in a row? You were supposed to do it only once and then create a new log with aswMBR (scan again). Is my writing really that unclear/incomprehensible?

__________________
Please always post logfiles in CODE tags

#29

I thought it hadn't run through properly, since it was already finished after such a short time. I'm also not quite sorted in my head at the moment; I was in the hospital all week... Here is the new aswMBR scan:

Code:
```
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-15 17:37:36
-----------------------------
17:37:36.828 OS Version: Windows 5.1.2600 Service Pack 3
17:37:36.828 Number of processors: 1 586 0x2402
17:37:36.828 ComputerName: ANNETTE UserName: Droge
17:37:37.406 Initialize success
17:38:04.296 AVAST engine defs: 12090700
17:38:14.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:38:14.796 Disk 0 Vendor: HTS541080G9AT00 MB4OA60A Size: 76319MB BusType: 3
17:38:14.828 Disk 0 MBR read successfully
17:38:14.828 Disk 0 MBR scan
17:38:14.953 Disk 0 Windows XP default MBR code
17:38:14.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
17:38:14.984 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
17:38:15.000 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
17:38:15.015 Disk 0 scanning sectors +156296385
17:38:15.062 Disk 0 scanning C:\WINDOWS\system32\drivers
17:38:34.500 Service scanning
17:38:50.000 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
17:39:03.453 Modules scanning
17:39:16.859 Disk 0 trace - called modules:
17:39:16.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:39:16.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855941f0]
17:39:16.906 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\0000007a[0x855509e8]
17:39:16.921 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x855c9d98]
17:39:17.375 AVAST engine scan C:\WINDOWS
17:39:38.437 AVAST engine scan C:\WINDOWS\system32
17:42:13.734 AVAST engine scan C:\WINDOWS\system32\drivers
17:42:34.250 AVAST engine scan C:\Dokumente und Einstellungen\Droge
17:58:39.484 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:00:00.906 Scan finished successfully
18:00:44.921 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\MBR.dat"
18:00:44.921 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Droge\Desktop\aswMBR 2012-09-15.txt"
```
#30

/// Winkelfunktion /// TB-Süch-Tiger™

Oh, in the hospital?!

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!

__________________
Please always post logfiles in CODE tags
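
The before/after comparison of the aswMBR logs in this thread can be scripted. The following is an added example, not part of the thread and not code from aswMBR; the function names `parse_aswmbr` and `review_fix` are hypothetical, and the sample lines are excerpts of the logs posted above.

```python
import re

ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
VERDICT = re.compile(r"^Disk \d+ (.+) MBR code$")
PARTITION = re.compile(r"^Disk \d+ Partition (\d+) ([0-9A-F]{2})(?: \(A\))? "
                       r"([0-9A-F]{2}) .*?(\d+) MB offset (\d+)$")
LOCKED = re.compile(r"^Service (\S+) .+ \*\*LOCKED\*\*")

def parse_aswmbr(text):
    """Reduce one aswMBR log to the facts a reviewer compares between runs."""
    log = {"verdict": None, "partitions": [], "locked": [],
           "fixes": 0, "finished": False}
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # banner lines carry no timestamp
        msg = entry.group(1)
        if m := VERDICT.match(msg):
            log["verdict"] = m.group(1)  # e.g. "unknown", "Windows XP default"
        elif m := PARTITION.match(msg):
            number, boot, ptype, size_mb, offset = m.groups()
            log["partitions"].append(
                (int(number), boot, ptype, int(size_mb), int(offset)))
        elif m := LOCKED.match(msg):
            log["locked"].append(m.group(1))
        elif msg.endswith("MBR fixed successfully"):
            log["fixes"] += 1
        elif msg == "Scan finished successfully":
            log["finished"] = True
    return log

def review_fix(before, after):
    """List what still needs attention in a log taken after the MBR fix."""
    if after["verdict"] is None:
        return ["no MBR scan in this log; rescan needed"]
    findings = []
    if after["verdict"] == "unknown":
        findings.append("MBR code still unknown")
    if not after["finished"]:
        findings.append("scan did not finish")
    if after["partitions"] != before["partitions"]:
        findings.append("partition table differs from pre-fix log")
    for name in sorted(set(after["locked"]) - set(before["locked"])):
        findings.append("newly locked driver: " + name)
    return findings

# Excerpts of the logs posted in this thread, one entry per line.
BEFORE = r"""16:26:00.203 Disk 0 unknown MBR code
16:26:00.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
16:26:00.218 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
16:26:00.234 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
16:26:35.312 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
16:48:19.203 Scan finished successfully"""
FIX_RUN = """18:11:43.187 Disk 0 Windows 501 MBR fixed successfully
18:13:22.000 Disk 0 Windows 501 MBR fixed successfully"""
AFTER = r"""17:38:14.953 Disk 0 Windows XP default MBR code
17:38:14.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68511 MB offset 63
17:38:14.984 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 6769 MB offset 140327775
17:38:15.000 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
17:38:50.000 Service PCANDIS5 C:\PROGRA~1\T-DSLS~1\PCANDIS5.SYS **LOCKED** 5
18:00:00.906 Scan finished successfully"""

if __name__ == "__main__":
    print(review_fix(parse_aswmbr(BEFORE), parse_aswmbr(FIX_RUN)))
    print(review_fix(parse_aswmbr(BEFORE), parse_aswmbr(AFTER)))
```

The log written during the FixMBR run contains no MBR scan, which is why a fresh scan after the reboot was requested; the scan from 2012-09-15 reports the default MBR code with an unchanged partition table.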