| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu behebenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.09.2012, 20:53
| #46 |
 |  Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu behebenCode:
ATTFilter 21:45:43.0984 5052 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:45:44.0015 5052 ============================================================
21:45:44.0015 5052 Current date / time: 2012/09/23 21:45:44.0015
21:45:44.0015 5052 SystemInfo:
21:45:44.0015 5052
21:45:44.0015 5052 OS Version: 5.1.2600 ServicePack: 3.0
21:45:44.0015 5052 Product type: Workstation
21:45:44.0015 5052 ComputerName: LENOVO-6E136213
21:45:44.0015 5052 UserName: Administrator
21:45:44.0015 5052 Windows directory: C:\WINDOWS
21:45:44.0015 5052 System windows directory: C:\WINDOWS
21:45:44.0015 5052 Processor architecture: Intel x86
21:45:44.0015 5052 Number of processors: 2
21:45:44.0015 5052 Page size: 0x1000
21:45:44.0015 5052 Boot type: Normal boot
21:45:44.0015 5052 ============================================================
21:45:46.0250 5052 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:45:46.0250 5052 ============================================================
21:45:46.0250 5052 \Device\Harddisk0\DR0:
21:45:46.0250 5052 MBR partitions:
21:45:46.0250 5052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x87F9F21
21:45:46.0250 5052 ============================================================
21:45:46.0296 5052 C: <-> \Device\Harddisk0\DR0\Partition1
21:45:46.0296 5052 ============================================================
21:45:46.0296 5052 Initialize success
21:45:46.0296 5052 ============================================================
21:46:16.0312 4128 ============================================================
21:46:16.0312 4128 Scan started
21:46:16.0312 4128 Mode: Manual; SigCheck; TDLFS;
21:46:16.0312 4128 ============================================================
21:46:16.0609 4128 ================ Scan system memory ========================
21:46:16.0625 4128 System memory - ok
21:46:16.0625 4128 ================ Scan services =============================
21:46:17.0187 4128 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
21:46:17.0421 4128 Aavmker4 - ok
21:46:17.0421 4128 Abiosdsk - ok
21:46:17.0468 4128 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:46:17.0781 4128 abp480n5 - ok
21:46:17.0843 4128 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
21:46:18.0031 4128 ac97intc - ok
21:46:18.0171 4128 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:46:18.0406 4128 ACPI - ok
21:46:18.0421 4128 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:46:18.0593 4128 ACPIEC - ok
21:46:18.0812 4128 [ AC83DA08B02BC2AC4F9920523275BB0F ] AcPrfMgrSvc C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:46:18.0843 4128 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
21:46:18.0843 4128 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
21:46:18.0953 4128 [ F0DFCAB03CC9C71137D00C17FEB08873 ] AcSvc C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
21:46:19.0078 4128 AcSvc ( UnsignedFile.Multi.Generic ) - warning
21:46:19.0078 4128 AcSvc - detected UnsignedFile.Multi.Generic (1)
21:46:19.0296 4128 [ D537F3D03C6301FEFA21F3EEE8CC82D8 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:46:19.0500 4128 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - warning
21:46:19.0500 4128 ADIHdAudAddService - detected UnsignedFile.Multi.Generic (1)
21:46:19.0593 4128 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:46:19.0859 4128 adpu160m - ok
21:46:19.0921 4128 [ 860DF7676869CD8690CB2B23AB6DE66A ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
21:46:20.0000 4128 AEAudio ( UnsignedFile.Multi.Generic ) - warning
21:46:20.0000 4128 AEAudio - detected UnsignedFile.Multi.Generic (1)
21:46:20.0093 4128 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:46:20.0390 4128 aec - ok
21:46:20.0437 4128 [ A1AD1A4A9F18D900CA9C93FA3EFDCB56 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:46:20.0500 4128 AegisP - ok
21:46:20.0625 4128 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:46:20.0781 4128 AFD - ok
21:46:20.0843 4128 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:46:21.0046 4128 agp440 - ok
21:46:21.0078 4128 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:46:21.0218 4128 agpCPQ - ok
21:46:21.0250 4128 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:46:21.0343 4128 Aha154x - ok
21:46:21.0390 4128 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:46:21.0531 4128 aic78u2 - ok
21:46:21.0562 4128 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:46:21.0718 4128 aic78xx - ok
21:46:21.0781 4128 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:46:21.0921 4128 Alerter - ok
21:46:21.0968 4128 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
21:46:22.0125 4128 ALG - ok
21:46:22.0125 4128 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:46:22.0296 4128 AliIde - ok
21:46:22.0328 4128 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:46:22.0515 4128 alim1541 - ok
21:46:22.0562 4128 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:46:22.0750 4128 amdagp - ok
21:46:22.0750 4128 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:46:22.0843 4128 amsint - ok
21:46:22.0890 4128 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
21:46:22.0906 4128 ANC ( UnsignedFile.Multi.Generic ) - warning
21:46:22.0906 4128 ANC - detected UnsignedFile.Multi.Generic (1)
21:46:23.0031 4128 [ BB53E21960498EBACB7D2E676F034083 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:46:23.0140 4128 ApfiltrService - ok
21:46:23.0281 4128 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:46:23.0531 4128 AppMgmt - ok
21:46:23.0593 4128 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:46:23.0828 4128 Arp1394 - ok
21:46:23.0843 4128 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:46:23.0984 4128 asc - ok
21:46:24.0046 4128 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:46:24.0125 4128 asc3350p - ok
21:46:24.0140 4128 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:46:24.0312 4128 asc3550 - ok
21:46:24.0500 4128 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:46:24.0578 4128 aspnet_state - ok
21:46:24.0609 4128 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:46:24.0625 4128 aswFsBlk - ok
21:46:24.0703 4128 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
21:46:24.0750 4128 aswMon2 - ok
21:46:24.0796 4128 [ B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:46:24.0828 4128 AswRdr - ok
21:46:25.0265 4128 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:46:26.0000 4128 aswSnx - ok
21:46:26.0203 4128 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:46:26.0640 4128 aswSP - ok
21:46:26.0687 4128 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:46:26.0750 4128 aswTdi - ok
21:46:26.0765 4128 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:46:26.0968 4128 AsyncMac - ok
21:46:27.0031 4128 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:46:27.0140 4128 atapi - ok
21:46:27.0140 4128 Atdisk - ok
21:46:27.0203 4128 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:46:27.0453 4128 Atmarpc - ok
21:46:27.0500 4128 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
21:46:27.0562 4128 atmeltpm - ok
21:46:27.0625 4128 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:46:27.0796 4128 AudioSrv - ok
21:46:27.0859 4128 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:46:28.0031 4128 audstub - ok
21:46:28.0218 4128 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Programme\AVAST Software\Avast\AvastSvc.exe
21:46:28.0265 4128 avast! Antivirus - ok
21:46:28.0390 4128 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:46:28.0546 4128 b57w2k - ok
21:46:28.0671 4128 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:46:28.0718 4128 BcmSqlStartupSvc - ok
21:46:28.0750 4128 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:46:29.0171 4128 Beep - ok
21:46:29.0234 4128 [ 534B95FBD867D0512DCB43E6CC1AA91E ] BlueletAudio C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
21:46:29.0296 4128 BlueletAudio ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0296 4128 BlueletAudio - detected UnsignedFile.Multi.Generic (1)
21:46:29.0328 4128 [ 01D1832F2B13DFAF7384884F7C3E0124 ] BlueletSCOAudio C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
21:46:29.0359 4128 BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0359 4128 BlueletSCOAudio - detected UnsignedFile.Multi.Generic (1)
21:46:29.0453 4128 [ 55F24E6EC983FCC7510293B05A27CEEC ] BlueSoleil Hid Service C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
21:46:29.0531 4128 BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0531 4128 BlueSoleil Hid Service - detected UnsignedFile.Multi.Generic (1)
21:46:29.0625 4128 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
21:46:29.0843 4128 Browser - ok
21:46:29.0875 4128 [ D1813668A0117AE05BC0B81C874F91D4 ] BT C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
21:46:29.0890 4128 BT ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0890 4128 BT - detected UnsignedFile.Multi.Generic (1)
21:46:29.0921 4128 [ F7FF961F1B8BD229F94F648889A87B94 ] Btcsrusb C:\WINDOWS\system32\Drivers\btcusb.sys
21:46:29.0968 4128 Btcsrusb ( UnsignedFile.Multi.Generic ) - warning
21:46:29.0968 4128 Btcsrusb - detected UnsignedFile.Multi.Generic (1)
21:46:29.0984 4128 [ E69D9E7854095A9C81ACEE40D766FE2D ] BTHidEnum C:\WINDOWS\system32\DRIVERS\vbtenum.sys
21:46:30.0031 4128 BTHidEnum ( UnsignedFile.Multi.Generic ) - warning
21:46:30.0031 4128 BTHidEnum - detected UnsignedFile.Multi.Generic (1)
21:46:30.0093 4128 [ A9164C2A39BD917B9F42AE087560AC3D ] BTHidMgr C:\WINDOWS\system32\Drivers\BTHidMgr.sys
21:46:30.0109 4128 BTHidMgr ( UnsignedFile.Multi.Generic ) - warning
21:46:30.0109 4128 BTHidMgr - detected UnsignedFile.Multi.Generic (1)
21:46:30.0718 4128 [ 9DA09B5800B9DE8336948664E3B9CC94 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:46:31.0734 4128 BTKRNL - ok
21:46:31.0765 4128 [ 6B05FDC0CFC3753B520D2D4176CC32D0 ] BTNetFilter C:\WINDOWS\system32\drivers\BTNetFilter.sys
21:46:31.0796 4128 BTNetFilter ( UnsignedFile.Multi.Generic ) - warning
21:46:31.0796 4128 BTNetFilter - detected UnsignedFile.Multi.Generic (1)
21:46:32.0015 4128 [ D14C346D293E6F83CBB55AC641FF941E ] btwdins C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:46:32.0171 4128 btwdins ( UnsignedFile.Multi.Generic ) - warning
21:46:32.0171 4128 btwdins - detected UnsignedFile.Multi.Generic (1)
21:46:32.0218 4128 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
21:46:32.0375 4128 BTWUSB - ok
21:46:32.0375 4128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:46:32.0531 4128 cbidf - ok
21:46:32.0546 4128 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:46:32.0656 4128 cbidf2k - ok
21:46:32.0687 4128 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:46:32.0828 4128 CCDECODE - ok
21:46:32.0859 4128 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:46:32.0937 4128 cd20xrnt - ok
21:46:32.0968 4128 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:46:33.0109 4128 Cdaudio - ok
21:46:33.0187 4128 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:46:33.0328 4128 Cdfs - ok
21:46:33.0390 4128 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:46:33.0562 4128 Cdrom - ok
21:46:33.0562 4128 Changer - ok
21:46:33.0609 4128 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:46:33.0718 4128 CiSvc - ok
21:46:33.0750 4128 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:46:33.0906 4128 ClipSrv - ok
21:46:33.0984 4128 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:34.0109 4128 clr_optimization_v2.0.50727_32 - ok
21:46:34.0140 4128 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:46:34.0328 4128 CmBatt - ok
21:46:34.0375 4128 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:46:34.0578 4128 CmdIde - ok
21:46:34.0593 4128 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:46:34.0703 4128 Compbatt - ok
21:46:34.0718 4128 COMSysApp - ok
21:46:34.0734 4128 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:46:34.0875 4128 Cpqarray - ok
21:46:34.0953 4128 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:46:35.0109 4128 CryptSvc - ok
21:46:35.0218 4128 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:46:35.0546 4128 dac2w2k - ok
21:46:35.0578 4128 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:46:35.0718 4128 dac960nt - ok
21:46:36.0000 4128 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:46:36.0453 4128 DcomLaunch - ok
21:46:36.0593 4128 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:46:36.0781 4128 Dhcp - ok
21:46:36.0843 4128 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:46:36.0953 4128 Disk - ok
21:46:37.0390 4128 [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
21:46:38.0015 4128 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0015 4128 Diskeeper - detected UnsignedFile.Multi.Generic (1)
21:46:38.0078 4128 [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:46:38.0156 4128 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0156 4128 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0156 4128 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:46:38.0187 4128 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0187 4128 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0218 4128 [ 2104649B0B79B9F30122C545CBA0C655 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
21:46:38.0234 4128 DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0234 4128 DLADResN - detected UnsignedFile.Multi.Generic (1)
21:46:38.0296 4128 [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:46:38.0421 4128 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0421 4128 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:46:38.0437 4128 [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:46:38.0453 4128 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0453 4128 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0468 4128 [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:46:38.0484 4128 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0484 4128 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0515 4128 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:46:38.0515 4128 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0515 4128 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:46:38.0578 4128 [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:46:38.0640 4128 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0640 4128 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:46:38.0703 4128 [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:46:38.0765 4128 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:46:38.0765 4128 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:46:38.0765 4128 dmadmin - ok
21:46:39.0250 4128 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:46:40.0171 4128 dmboot - ok
21:46:40.0296 4128 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:46:40.0484 4128 dmio - ok
21:46:40.0515 4128 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:46:40.0656 4128 dmload - ok
21:46:40.0718 4128 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:46:40.0875 4128 dmserver - ok
21:46:40.0921 4128 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:46:41.0109 4128 DMusic - ok
21:46:41.0171 4128 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:46:41.0421 4128 Dnscache - ok
21:46:41.0546 4128 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:46:41.0812 4128 Dot3svc - ok
21:46:41.0828 4128 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:46:41.0984 4128 dpti2o - ok
21:46:42.0000 4128 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:46:42.0125 4128 drmkaud - ok
21:46:42.0187 4128 [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:46:42.0203 4128 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:46:42.0203 4128 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:46:42.0250 4128 [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:46:42.0328 4128 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:46:42.0328 4128 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:46:42.0421 4128 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:46:42.0656 4128 E100B - ok
21:46:42.0734 4128 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:46:42.0921 4128 EapHost - ok
21:46:42.0968 4128 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:46:43.0125 4128 ERSvc - ok
21:46:43.0218 4128 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
21:46:43.0328 4128 Eventlog - ok
21:46:43.0500 4128 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
21:46:43.0703 4128 EventSystem - ok
21:46:44.0140 4128 [ 695E398E5858C10813E54FAFC933514F ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
21:46:44.0875 4128 EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:46:44.0875 4128 EvtEng - detected UnsignedFile.Multi.Generic (1)
21:46:45.0000 4128 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:46:45.0234 4128 Fastfat - ok
21:46:45.0343 4128 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:46:45.0421 4128 FastUserSwitchingCompatibility - ok
21:46:45.0453 4128 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:46:45.0578 4128 Fdc - ok
21:46:45.0625 4128 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:46:45.0781 4128 Fips - ok
21:46:45.0796 4128 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:46:45.0921 4128 Flpydisk - ok
21:46:46.0046 4128 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:46:46.0234 4128 FltMgr - ok
21:46:46.0328 4128 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:46:46.0375 4128 FontCache3.0.0.0 - ok
21:46:46.0421 4128 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:46:46.0578 4128 Fs_Rec - ok
21:46:46.0656 4128 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:46:46.0843 4128 Ftdisk - ok
21:46:47.0031 4128 [ 33D00F8CB70AC5F7A8101F79D5273615 ] G400 C:\WINDOWS\system32\DRIVERS\G400m.sys
21:46:47.0406 4128 G400 - ok
21:46:47.0468 4128 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:46:47.0625 4128 Gpc - ok
21:46:47.0781 4128 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe
21:46:47.0859 4128 gupdate - ok
21:46:47.0937 4128 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe
21:46:47.0953 4128 gupdatem - ok
21:46:48.0031 4128 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
21:46:48.0156 4128 gusvc - ok
21:46:48.0171 4128 HdAudAddService - ok
21:46:48.0281 4128 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:46:48.0484 4128 HDAudBus - ok
21:46:48.0609 4128 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:46:48.0750 4128 helpsvc - ok
21:46:48.0750 4128 HidServ - ok
21:46:48.0828 4128 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:46:48.0984 4128 hkmsvc - ok
21:46:49.0046 4128 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:46:49.0234 4128 hpn - ok
21:46:49.0281 4128 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:46:49.0453 4128 HPZid412 - ok
21:46:49.0484 4128 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:46:49.0625 4128 HPZipr12 - ok
21:46:49.0640 4128 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:46:49.0843 4128 HPZius12 - ok
21:46:50.0000 4128 [ 702A7E1B3C9263EFBD6AEDE3B6919761 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:46:50.0140 4128 HSFHWAZL - ok
21:46:50.0734 4128 [ 8D02CB68D53AA36189FAF86FED438884 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:46:51.0828 4128 HSF_DPV - ok
21:46:52.0000 4128 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:46:52.0171 4128 HTTP - ok
21:46:52.0218 4128 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:46:52.0437 4128 HTTPFilter - ok
21:46:52.0468 4128 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:46:52.0609 4128 i2omgmt - ok
21:46:52.0640 4128 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:46:52.0781 4128 i2omp - ok
21:46:52.0859 4128 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:46:53.0015 4128 i8042prt - ok
21:46:56.0562 4128 [ 06B71441957B48A4866DE2FE27CB79C8 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:47:03.0125 4128 ialm - ok
21:47:03.0296 4128 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:47:03.0515 4128 iaStor - ok
21:47:03.0578 4128 [ FA3D0A6DA7BB7968EFE5C5BC267F0E55 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:47:03.0609 4128 IBMPMDRV - ok
21:47:03.0640 4128 [ 495F184A29B80B51735BCEE91D84FE8F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
21:47:03.0687 4128 IBMPMSVC - ok
21:47:03.0734 4128 [ 083D095FED4B01FFF9D501B98D50DB68 ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:47:03.0734 4128 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
21:47:03.0734 4128 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
21:47:03.0906 4128 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:47:03.0984 4128 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:47:03.0984 4128 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:47:04.0562 4128 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:47:05.0515 4128 idsvc - ok
21:47:05.0578 4128 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:47:05.0781 4128 Imapi - ok
21:47:05.0906 4128 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
21:47:06.0109 4128 ImapiService - ok
21:47:06.0156 4128 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:47:06.0296 4128 ini910u - ok
21:47:06.0312 4128 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:47:06.0468 4128 IntelIde - ok
21:47:06.0546 4128 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:47:06.0703 4128 intelppm - ok
21:47:06.0718 4128 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:47:06.0859 4128 Ip6Fw - ok
21:47:06.0890 4128 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:47:07.0031 4128 IpFilterDriver - ok
21:47:07.0078 4128 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:47:07.0218 4128 IpInIp - ok
21:47:07.0312 4128 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:47:07.0531 4128 IpNat - ok
21:47:07.0593 4128 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:47:07.0765 4128 IPSec - ok
21:47:07.0875 4128 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
21:47:07.0937 4128 IPSSVC - ok
21:47:07.0953 4128 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:47:08.0078 4128 IRENUM - ok
21:47:08.0156 4128 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:47:08.0281 4128 isapnp - ok
21:47:08.0328 4128 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
21:47:08.0343 4128 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
21:47:08.0343 4128 Iviaspi - detected UnsignedFile.Multi.Generic (1)
21:47:08.0562 4128 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
21:47:08.0656 4128 IviRegMgr - ok
21:47:08.0765 4128 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:47:08.0875 4128 JavaQuickStarterService - ok
21:47:08.0921 4128 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:47:09.0109 4128 Kbdclass - ok
21:47:09.0218 4128 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:47:09.0437 4128 kmixer - ok
21:47:09.0515 4128 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:47:09.0593 4128 KSecDD - ok
21:47:09.0687 4128 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:47:09.0796 4128 lanmanserver - ok
21:47:09.0906 4128 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:47:10.0031 4128 lanmanworkstation - ok
21:47:10.0031 4128 lbrtfdc - ok
21:47:10.0156 4128 [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
21:47:10.0203 4128 LENOVO.MICMUTE - ok
21:47:10.0250 4128 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
21:47:10.0281 4128 lenovo.smi - ok
21:47:10.0343 4128 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:47:10.0562 4128 LmHosts - ok
21:47:10.0609 4128 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:47:10.0625 4128 MBAMProtector - ok
21:47:10.0890 4128 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:47:11.0281 4128 MBAMScheduler - ok
21:47:11.0703 4128 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
21:47:12.0453 4128 MBAMService - ok
21:47:12.0500 4128 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:47:12.0531 4128 mdmxsdk - ok
21:47:12.0578 4128 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:47:12.0765 4128 Messenger - ok
21:47:12.0812 4128 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:47:12.0953 4128 mnmdd - ok
21:47:13.0015 4128 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:47:13.0140 4128 mnmsrvc - ok
21:47:13.0203 4128 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:47:13.0343 4128 Modem - ok
21:47:13.0406 4128 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:47:13.0609 4128 Mouclass - ok
21:47:13.0671 4128 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:47:13.0828 4128 MountMgr - ok
21:47:13.0953 4128 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
21:47:14.0046 4128 MozillaMaintenance - ok
21:47:14.0093 4128 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:47:14.0281 4128 mraid35x - ok
21:47:14.0390 4128 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:47:14.0625 4128 MRxDAV - ok
21:47:14.0953 4128 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:47:15.0671 4128 MRxSmb - ok
21:47:15.0718 4128 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:47:15.0906 4128 MSDTC - ok
21:47:15.0937 4128 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:47:16.0046 4128 Msfs - ok
21:47:16.0062 4128 MSIServer - ok
21:47:16.0062 4128 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:47:16.0187 4128 MSKSSRV - ok
21:47:16.0203 4128 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:47:16.0312 4128 MSPCLOCK - ok
21:47:16.0328 4128 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:47:16.0453 4128 MSPQM - ok
21:47:16.0484 4128 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:47:16.0593 4128 mssmbios - ok
21:47:16.0703 4128 MSSQL$MSSMLBIZ - ok
21:47:16.0781 4128 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:47:16.0812 4128 MSSQLServerADHelper - ok
21:47:16.0859 4128 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:47:17.0000 4128 MSTEE - ok
21:47:17.0078 4128 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:47:17.0171 4128 Mup - ok
21:47:17.0234 4128 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:47:17.0484 4128 NABTSFEC - ok
21:47:17.0671 4128 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
21:47:17.0968 4128 napagent - ok
21:47:18.0109 4128 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:47:18.0312 4128 NDIS - ok
21:47:18.0343 4128 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:47:18.0515 4128 NdisIP - ok
21:47:18.0562 4128 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:47:18.0671 4128 NdisTapi - ok
21:47:18.0703 4128 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:47:18.0859 4128 Ndisuio - ok
21:47:18.0921 4128 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:47:19.0109 4128 NdisWan - ok
21:47:19.0187 4128 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:47:19.0265 4128 NDProxy - ok
21:47:19.0296 4128 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:47:19.0484 4128 NetBIOS - ok
21:47:19.0609 4128 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:47:19.0812 4128 NetBT - ok
21:47:19.0921 4128 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
21:47:20.0171 4128 NetDDE - ok
21:47:20.0234 4128 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:47:20.0343 4128 NetDDEdsdm - ok
21:47:20.0453 4128 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:47:20.0625 4128 Netlogon - ok
21:47:20.0750 4128 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
21:47:20.0984 4128 Netman - ok
21:47:21.0078 4128 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:47:21.0171 4128 NetTcpPortSharing - ok
21:47:22.0687 4128 [ 18B2D3E11ED7A3C898ADE6A6692B6929 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
21:47:24.0000 4128 NETw4x32 - ok
21:47:24.0093 4128 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:47:24.0250 4128 NIC1394 - ok
21:47:24.0406 4128 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
21:47:24.0562 4128 Nla - ok
21:47:24.0593 4128 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:47:24.0734 4128 Npfs - ok
21:47:25.0062 4128 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:47:25.0640 4128 Ntfs - ok
21:47:25.0671 4128 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:47:25.0843 4128 NtLmSsp - ok
21:47:26.0125 4128 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:47:26.0671 4128 NtmsSvc - ok
21:47:26.0718 4128 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:47:26.0859 4128 Null - ok
21:47:28.0000 4128 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:47:30.0203 4128 nv - ok
21:47:30.0234 4128 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:47:30.0359 4128 NwlnkFlt - ok
21:47:30.0390 4128 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:47:30.0593 4128 NwlnkFwd - ok
21:47:30.0671 4128 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:47:30.0781 4128 ohci1394 - ok
21:47:30.0937 4128 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
21:47:31.0031 4128 ose - ok
21:47:33.0843 4128 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:47:39.0031 4128 osppsvc - ok
21:47:39.0109 4128 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:47:39.0281 4128 Parport - ok
21:47:39.0328 4128 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:47:39.0468 4128 PartMgr - ok
21:47:39.0500 4128 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:47:39.0640 4128 ParVdm - ok
21:47:39.0687 4128 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:47:39.0796 4128 PCI - ok
21:47:39.0812 4128 PCIDump - ok
21:47:39.0843 4128 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:47:39.0968 4128 PCIIde - ok
21:47:40.0046 4128 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:47:40.0187 4128 Pcmcia - ok
21:47:40.0187 4128 PDCOMP - ok
21:47:40.0203 4128 PDFRAME - ok
21:47:40.0203 4128 PDRELI - ok
21:47:40.0203 4128 PDRFRAME - ok
21:47:40.0250 4128 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
21:47:40.0390 4128 perc2 - ok
21:47:40.0390 4128 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:47:40.0546 4128 perc2hib - ok
21:47:40.0640 4128 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
21:47:40.0671 4128 PlugPlay - ok
21:47:40.0718 4128 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
21:47:40.0734 4128 pmem ( UnsignedFile.Multi.Generic ) - warning
21:47:40.0734 4128 pmem - detected UnsignedFile.Multi.Generic (1)
21:47:40.0796 4128 [ 9D84376931440F3679BEEF2A414FA493 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:47:40.0812 4128 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:47:40.0812 4128 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:47:40.0828 4128 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:47:40.0937 4128 PolicyAgent - ok
21:47:41.0000 4128 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:47:41.0140 4128 PptpMiniport - ok
21:47:41.0203 4128 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
21:47:41.0218 4128 PROCDD - ok
21:47:41.0265 4128 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:47:41.0515 4128 Processor - ok
21:47:41.0531 4128 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:47:41.0656 4128 ProtectedStorage - ok
21:47:41.0718 4128 [ AAC08DEFB15AAAB00B30341C716EFA35 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
21:47:41.0781 4128 psadd - ok
21:47:41.0812 4128 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:47:41.0984 4128 PSched - ok
21:47:42.0046 4128 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:47:42.0062 4128 PSI - ok
21:47:42.0093 4128 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:47:42.0265 4128 Ptilink - ok
21:47:42.0296 4128 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:47:42.0328 4128 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:47:42.0328 4128 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:47:42.0375 4128 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:47:42.0640 4128 ql1080 - ok
21:47:42.0656 4128 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:47:42.0812 4128 Ql10wnt - ok
21:47:42.0859 4128 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:47:43.0000 4128 ql12160 - ok
21:47:43.0031 4128 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:47:43.0171 4128 ql1240 - ok
21:47:43.0203 4128 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:47:43.0343 4128 ql1280 - ok
21:47:43.0375 4128 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:47:43.0531 4128 RasAcd - ok
21:47:43.0609 4128 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:47:43.0796 4128 RasAuto - ok
21:47:43.0828 4128 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:47:44.0000 4128 Rasl2tp - ok
21:47:44.0125 4128 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:47:44.0375 4128 RasMan - ok
21:47:44.0406 4128 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:47:44.0578 4128 RasPppoe - ok
21:47:44.0625 4128 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:47:44.0796 4128 Raspti - ok
21:47:44.0906 4128 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:47:45.0125 4128 Rdbss - ok
21:47:45.0140 4128 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:47:45.0281 4128 RDPCDD - ok
21:47:45.0406 4128 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:47:45.0640 4128 rdpdr - ok
21:47:45.0765 4128 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:47:45.0890 4128 RDPWD - ok
21:47:46.0031 4128 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:47:46.0281 4128 RDSessMgr - ok
21:47:46.0359 4128 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:47:46.0593 4128 redbook - ok
21:47:46.0781 4128 [ B3611F5CC7052FE52998984A4361880F ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
21:47:46.0984 4128 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
21:47:46.0984 4128 RegSrvc - detected UnsignedFile.Multi.Generic (1)
21:47:47.0046 4128 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:47:47.0265 4128 RemoteAccess - ok
21:47:47.0328 4128 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:47:47.0515 4128 RemoteRegistry - ok
21:47:47.0578 4128 [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
21:47:47.0656 4128 rimmptsk - ok
21:47:47.0718 4128 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
21:47:47.0796 4128 rimsptsk - ok
21:47:47.0828 4128 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
21:47:47.0906 4128 rismxdp - ok
21:47:47.0953 4128 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
21:47:48.0156 4128 ROOTMODEM - ok
21:47:48.0234 4128 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:47:48.0390 4128 RpcLocator - ok
21:47:48.0718 4128 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:47:48.0921 4128 RpcSs - ok
21:47:49.0046 4128 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:47:49.0281 4128 RSVP - ok
21:47:49.0906 4128 [ 2FD3B284ADE57CFAA70A6A9753E50572 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
21:47:50.0890 4128 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
21:47:50.0890 4128 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
21:47:50.0906 4128 [ 2220783B32A9F91DF87F3E8315F091E7 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:47:50.0921 4128 s24trans ( UnsignedFile.Multi.Generic ) - warning
21:47:50.0921 4128 s24trans - detected UnsignedFile.Multi.Generic (1)
21:47:50.0953 4128 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
21:47:51.0125 4128 SamSs - ok
21:47:51.0218 4128 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:47:51.0500 4128 SCardSvr - ok
21:47:51.0640 4128 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:47:51.0906 4128 Schedule - ok
21:47:51.0968 4128 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:47:52.0156 4128 sdbus - ok
21:47:52.0171 4128 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:47:52.0359 4128 Secdrv - ok
21:47:52.0390 4128 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
21:47:52.0546 4128 seclogon - ok
21:47:52.0578 4128 Secunia PSI Agent - ok
21:47:52.0593 4128 Secunia Update Agent - ok
21:47:52.0625 4128 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
21:47:52.0765 4128 SENS - ok
21:47:52.0796 4128 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:47:52.0906 4128 serenum - ok
21:47:52.0953 4128 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:47:53.0171 4128 Serial - ok
21:47:53.0203 4128 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:47:53.0359 4128 Sfloppy - ok
21:47:53.0500 4128 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:47:53.0531 4128 ShellHWDetection - ok
21:47:53.0640 4128 [ A3AEE791DB8C73882F4503BFAACD8C9E ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
21:47:53.0671 4128 Shockprf - ok
21:47:53.0687 4128 Simbad - ok
21:47:53.0750 4128 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:47:53.0921 4128 sisagp - ok
21:47:53.0953 4128 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:47:54.0125 4128 SLIP - ok
21:47:54.0171 4128 [ 350483C5A139F8A39ED3191AFF39BED0 ] smihlp C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
21:47:54.0187 4128 smihlp - ok
21:47:54.0281 4128 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe
21:47:54.0328 4128 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
21:47:54.0328 4128 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
21:47:54.0359 4128 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:47:54.0484 4128 Sparrow - ok
21:47:54.0515 4128 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:47:54.0640 4128 splitter - ok
21:47:54.0718 4128 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:47:54.0812 4128 Spooler - ok
21:47:54.0953 4128 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:47:55.0109 4128 SQLBrowser - ok
21:47:55.0187 4128 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:47:55.0250 4128 SQLWriter - ok
21:47:55.0312 4128 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:47:55.0468 4128 sr - ok
21:47:55.0593 4128 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
21:47:55.0828 4128 srservice - ok
21:47:56.0078 4128 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:47:56.0468 4128 Srv - ok
21:47:56.0531 4128 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:47:56.0718 4128 SSDPSRV - ok
21:47:56.0953 4128 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:47:57.0468 4128 stisvc - ok
21:47:57.0515 4128 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:47:57.0656 4128 streamip - ok
21:47:57.0765 4128 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService c:\programme\lenovo\system update\suservice.exe
21:47:57.0812 4128 SUService ( UnsignedFile.Multi.Generic ) - warning
21:47:57.0812 4128 SUService - detected UnsignedFile.Multi.Generic (1)
21:47:57.0859 4128 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:47:57.0984 4128 swenum - ok
21:47:58.0031 4128 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:47:58.0187 4128 swmidi - ok
21:47:58.0187 4128 SwPrv - ok
21:47:58.0218 4128 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:47:58.0359 4128 symc810 - ok
21:47:58.0375 4128 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:47:58.0593 4128 symc8xx - ok
21:47:58.0609 4128 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:47:58.0765 4128 sym_hi - ok
21:47:58.0781 4128 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:47:58.0921 4128 sym_u3 - ok
21:47:59.0125 4128 [ 1CDE0A5C0416187B9B89E03980C6E8DE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:47:59.0312 4128 SynTP - ok
21:47:59.0375 4128 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:47:59.0531 4128 sysaudio - ok
21:47:59.0609 4128 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:47:59.0812 4128 SysmonLog - ok
21:47:59.0968 4128 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:48:00.0265 4128 TapiSrv - ok
21:48:00.0578 4128 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:48:00.0953 4128 Tcpip - ok
21:48:01.0015 4128 [ 109D1F5CD9CC370A87901DB3DDD533F1 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
21:48:01.0062 4128 TcUsb - ok
21:48:01.0093 4128 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:48:01.0296 4128 TDPIPE - ok
21:48:01.0312 4128 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:48:01.0484 4128 TDTCP - ok
21:48:01.0546 4128 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:48:01.0687 4128 TermDD - ok
21:48:01.0890 4128 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
21:48:02.0203 4128 TermService - ok
21:48:02.0296 4128 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:48:02.0312 4128 Themes - ok
21:48:02.0828 4128 [ D04402CD654AF1058AD9A82B73AD67C8 ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
21:48:03.0500 4128 ThinkVantage Registry Monitor Service - ok
21:48:03.0578 4128 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:48:03.0812 4128 TlntSvr - ok
21:48:03.0859 4128 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
21:48:03.0984 4128 TosIde - ok
21:48:04.0015 4128 [ 639BA7B37F25054CF5E82604E736D250 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
21:48:04.0031 4128 TPDIGIMN - ok
21:48:04.0093 4128 [ 3663C0F611711DAC453636AF562F0831 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
21:48:04.0140 4128 TPHDEXLGSVC - ok
21:48:04.0250 4128 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
21:48:04.0359 4128 TPHKDRV - ok
21:48:04.0468 4128 [ 1DBF0267CEBF80F0BD24DFE895367DB5 ] TPHKLOAD C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
21:48:04.0593 4128 TPHKLOAD - ok
21:48:04.0656 4128 [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
21:48:04.0718 4128 TPHKSVC - ok
21:48:04.0765 4128 [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
21:48:04.0812 4128 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
21:48:04.0812 4128 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
21:48:04.0937 4128 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:48:05.0171 4128 TrkWks - ok
21:48:05.0203 4128 [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
21:48:05.0218 4128 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
21:48:05.0218 4128 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
21:48:05.0718 4128 [ 44D5BE1651390476C5EDB3B5DF28DE30 ] TSSCoreService C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
21:48:06.0515 4128 TSSCoreService - ok
21:48:06.0906 4128 [ C8DA890DF821DBE5CD5B9A10C6C82D51 ] TVT Backup Protection Service C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
21:48:07.0390 4128 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
21:48:07.0390 4128 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
21:48:07.0953 4128 [ 951675971BB6DE44284CCE95F33F7421 ] TVT Backup Service C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
21:48:08.0921 4128 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
21:48:08.0921 4128 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
21:48:09.0750 4128 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
21:48:11.0000 4128 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
21:48:11.0000 4128 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
21:48:11.0093 4128 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
21:48:11.0171 4128 tvtfilter - ok
21:48:11.0234 4128 [ 8AB24D4B7DA715C2C80455137910E792 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
21:48:11.0312 4128 TVTI2C - ok
21:48:11.0375 4128 [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
21:48:11.0421 4128 tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
21:48:11.0421 4128 tvtnetwk - detected UnsignedFile.Multi.Generic (1)
21:48:11.0421 4128 TVTPktFilter - ok
21:48:11.0500 4128 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:48:11.0734 4128 Udfs - ok
21:48:11.0765 4128 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
21:48:11.0875 4128 ultra - ok
21:48:11.0937 4128 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:48:12.0015 4128 UMWdf - ok
21:48:12.0250 4128 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:48:12.0875 4128 Update - ok
21:48:13.0015 4128 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:48:13.0265 4128 upnphost - ok
21:48:13.0296 4128 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
21:48:13.0484 4128 UPS - ok
21:48:13.0515 4128 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:48:13.0687 4128 usbccgp - ok
21:48:13.0734 4128 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:48:13.0890 4128 usbehci - ok
21:48:13.0968 4128 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:48:14.0140 4128 usbhub - ok
21:48:14.0156 4128 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:48:14.0375 4128 usbprint - ok
21:48:14.0390 4128 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:48:14.0546 4128 usbscan - ok
21:48:14.0578 4128 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:48:14.0953 4128 USBSTOR - ok
21:48:14.0984 4128 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:48:15.0109 4128 usbuhci - ok
21:48:15.0187 4128 [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
21:48:15.0250 4128 VComm ( UnsignedFile.Multi.Generic ) - warning
21:48:15.0250 4128 VComm - detected UnsignedFile.Multi.Generic (1)
21:48:15.0312 4128 [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
21:48:15.0375 4128 VcommMgr ( UnsignedFile.Multi.Generic ) - warning
21:48:15.0375 4128 VcommMgr - detected UnsignedFile.Multi.Generic (1)
21:48:15.0406 4128 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:48:15.0593 4128 VgaSave - ok
21:48:15.0671 4128 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:48:15.0796 4128 viaagp - ok
21:48:15.0828 4128 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:48:15.0953 4128 ViaIde - ok
21:48:16.0031 4128 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:48:16.0156 4128 VolSnap - ok
21:48:16.0343 4128 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
21:48:16.0625 4128 VSS - ok
21:48:16.0750 4128 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
21:48:17.0000 4128 W32Time - ok
21:48:17.0031 4128 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:48:17.0203 4128 Wanarp - ok
21:48:17.0515 4128 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:48:17.0953 4128 Wdf01000 - ok
21:48:17.0953 4128 WDICA - ok
21:48:18.0046 4128 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:48:18.0265 4128 wdmaud - ok
21:48:18.0328 4128 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:48:18.0593 4128 WebClient - ok
21:48:19.0062 4128 [ 115946A53B62A6B171FD0ED197C71D52 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:48:19.0796 4128 winachsf - ok
21:48:19.0968 4128 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:48:20.0234 4128 winmgmt - ok
21:48:20.0781 4128 [ F2E9FCB970D02E1647E185DA1D2E3CA9 ] WMConnectCDS C:\Programme\Windows Media Connect 2\wmccds.exe
21:48:21.0687 4128 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
21:48:21.0687 4128 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
21:48:21.0765 4128 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:48:21.0828 4128 WmdmPmSN - ok
21:48:22.0234 4128 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:48:23.0015 4128 Wmi - ok
21:48:23.0156 4128 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:48:23.0421 4128 WmiApSrv - ok
21:48:23.0468 4128 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
21:48:23.0531 4128 WpdUsb - ok
21:48:23.0546 4128 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:48:23.0687 4128 WSTCODEC - ok
21:48:24.0000 4128 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:48:24.0609 4128 WZCSVC - ok
21:48:24.0718 4128 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:48:24.0921 4128 xmlprov - ok
21:48:24.0937 4128 ================ Scan global ===============================
21:48:25.0000 4128 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:48:25.0218 4128 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:48:25.0593 4128 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:48:25.0703 4128 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:48:25.0703 4128 [Global] - ok
21:48:25.0703 4128 ================ Scan MBR ==================================
21:48:25.0750 4128 [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk0\DR0
21:48:26.0265 4128 \Device\Harddisk0\DR0 - ok
21:48:26.0265 4128 ================ Scan VBR ==================================
21:48:26.0265 4128 [ 995B9A8A670CD5116423BC342FBF9090 ] \Device\Harddisk0\DR0\Partition1
21:48:26.0281 4128 \Device\Harddisk0\DR0\Partition1 - ok
21:48:26.0281 4128 ============================================================
21:48:26.0281 4128 Scan finished
21:48:26.0281 4128 ============================================================
21:48:26.0390 4196 Detected object count: 47
21:48:26.0390 4196 Actual detected object count: 47
21:49:26.0953 4196 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0953 4196 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0953 4196 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196 ADIHdAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0953 4196 AEAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0953 4196 AEAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 BlueletSCOAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 BlueSoleil Hid Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 BT ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0968 4196 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0968 4196 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196 BTNetFilter ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196 BTNetFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:26.0984 4196 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:26.0984 4196 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0000 4196 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0000 4196 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0015 4196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0015 4196 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0031 4196 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0031 4196 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 VComm ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0046 4196 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0046 4196 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:49:27.0062 4196 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
21:49:27.0062 4196 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
24.09.2012, 13:28
| #47 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
24.09.2012, 20:43
| #48 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Combofix Logfile:
__________________Code:
ATTFilter ComboFix 12-09-24.02 - Administrator 24.09.2012 20:43:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1014.325 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Eigene Dateien\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\Anwendungsdaten\system32
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\vrlogon.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-24 bis 2012-09-24 ))))))))))))))))))))))))))))))
.
.
2012-09-19 02:08 . 2012-09-19 02:08 -------- d-----w- c:\dokumente und einstellungen\Administrator\Client Security Solution
2012-09-17 19:37 . 2012-09-22 19:59 -------- d-----w- C:\_OTL
2012-09-15 20:31 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-15 20:31 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-15 20:31 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-15 20:31 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-15 20:31 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-15 20:31 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-15 20:31 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-15 20:31 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-15 20:28 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-15 20:27 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-15 20:24 . 2012-09-15 20:24 -------- d-----w- c:\programme\AVAST Software
2012-09-15 20:24 . 2012-09-15 20:24 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2012-08-10 12:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 20:03 . 2012-09-19 20:00 266720 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\programme\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2012-05-28 296056]
"Reader Application Helper"="c:\programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Reader Synchronizer.lnk - c:\programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
BlueSoleil.lnk - c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-9-20 1200128]
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Secunia PSI Tray.lnk - c:\programme\Secunia\PSI\psi_tray.exe [2012-5-3 562232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"Client Server Runtime Process"= c:\dokumente und einstellungen\Administrator\Anwendungsdaten\System32\csrss.exe
"Host-process Windows (Rundll32.exe)"= c:\dokumente und einstellungen\Administrator\Anwendungsdaten\csrss.exe
"Service Host Process for Windows"= c:\dokumente und einstellungen\Administrator\Anwendungsdaten\svchost.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.09.2012 22:31 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.09.2012 22:31 355632]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [22.09.2011 09:12 13680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.09.2012 22:31 21256]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [14.09.2012 22:22 399432]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [10.08.2012 14:52 676936]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 22:10 11152]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [22.09.2011 09:12 130920]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [09.07.2007 08:23 64952]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [08.02.2007 13:11 569344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.08.2012 14:52 22856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 15:59 30336]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [15.09.2012 22:31 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [22.09.2011 09:12 45496]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [15.09.2012 22:31 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [20.05.2012 13:42 114144]
S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 22:37 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [16.12.2011 16:19 15544]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\programme\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-15 09:12]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-15 20:31]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-09-15 20:31]
.
2012-09-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-05-29 16:22]
.
2012-09-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2012-04-30 16:21]
.
2012-09-24 c:\windows\Tasks\ReclaimerUpdateFiles_Administrator.job
- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 09:25]
.
2012-09-24 c:\windows\Tasks\ReclaimerUpdateXML_Administrator.job
- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 09:25]
.
2012-09-24 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Administrator.job
- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-24 09:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Citavi Picker... - file://c:\dokumente und einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t3g1o2zt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-24 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\system32\TPAPSLOG.LOG 384 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3654445409-3643727936-2709279435-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,76,ce,58,0e,10,3e,45,94,d7,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,76,ce,58,0e,10,3e,45,94,d7,c5,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1824)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
.
- - - - - - - > 'lsass.exe'(1880)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
.
- - - - - - - > 'explorer.exe'(5484)
c:\windows\system32\msi.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\programme\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Secunia\PSI\PSIA.exe
c:\programme\Secunia\PSI\sua.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\wdfmgr.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\programme\lenovo\system update\suservice.exe
c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
c:\programme\LENOVO\HOTKEY\tposdsvc.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programme\Intel\Wireless\Bin\Dot1XCfg.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-24 21:29:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-24 19:29
.
Vor Suchlauf: 19 Verzeichnis(se), 36.289.810.432 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 36.318.629.888 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E5B10446D543F067F6B58C885F8B28DD
|
|
25.09.2012, 10:45
| #49 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.09.2012, 17:57
| #50 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben ... ja, alles erledigt. Soweit ok? |
|
25.09.2012, 19:45
| #51 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Wie denn jetzt im Anhang, erspar mir doch bitte diese ständige Klickerei und Entpackerei....die Logs sollten alle direkt gepostet werden in CODE-Tags umschlossen
__________________ --> Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben |
|
25.09.2012, 20:20
| #52 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben das habe ich versucht, aber ich bekam die Meldung das die Texte zu lang seien und ich bitte bie Beiträge las logs anhängen solle... also habe ich es mir einfach gemacht und die 3 dateien als Anhang versendet. GMER passt nicht... hier nun osam Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:41:01 on 25.09.2012 *OS*: Windows XP Professional Service Pack 3 (Build 2600) *Default Browser*: Mozilla Corporation Firefox 15.0.1 *Scanner Settings* Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures *Filters* Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Common %SystemRoot%\Tasks "avast! Emergency Update.job" "AVAST Software" C:\Programme\AVAST Software\Avast\AvastEmUpdate.exe File exists |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||| "PMTask.job" C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE File found, but it contains no detailed information "RealUpgradeLogonTaskS-1-5-21-3654445409-3643727936-2709279435-500.job" "RealNetworks, Inc." C:\Programme\Real\RealUpgrade\realupgrade.exe File exists "RealUpgradeScheduledTaskS-1-5-21-3654445409-3643727936-2709279435-500.job" "RealNetworks, Inc." C:\Programme\Real\RealUpgrade\realupgrade.exe File exists "ReclaimerUpdateFiles_Administrator.job" "RealNetworks, Inc." C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe File exists "ReclaimerUpdateXML_Administrator.job" "RealNetworks, Inc." C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe File exists "RNUpgradeHelperLogonPrompt_Administrator.job" "RealNetworks, Inc." C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe File exists Control Panel Objects %SystemRoot%\system32 |||||| "btcpl.cpl" "Broadcom Corporation." C:\WINDOWS\system32\btcpl.cpl File exists |||||| "FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\WINDOWS\system32\FlashPlayerCPLApp.cpl File exists |||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists |||||| "ISUSPM.cpl" "InstallShield Software Corporation" C:\WINDOWS\system32\ISUSPM.cpl File exists "javacpl.cpl" "Oracle Corporation" C:\WINDOWS\system32\javacpl.cpl File exists |||||| "TpShCPL.cpl" "Lenovo." C:\WINDOWS\system32\TpShCPL.cpl File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL File exists |||||| "ProtectorSuiteInfoPanel" "UPEK Inc." C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl File exists |||||| "Windows Media Connect" "Microsoft Corporation" C:\Programme\Windows Media Connect 2\wmccpl.dll File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "ADI UAA Function Driver for High Definition Audio Service" (ADIHdAudAddService) "Analog Devices, Inc." C:\WINDOWS\System32\drivers\ADIHdAud.sys File exists |||||| "AE Audio Service" (AEAudio) "Andrea Electronics Corporation" C:\WINDOWS\System32\drivers\AEAudio.sys File exists |||||| "ANC" (ANC) "IBM Corp." C:\WINDOWS\System32\drivers\ANC.SYS File exists |||||| "APS Digitizer Activity Monitor" (TPDIGIMN) "Lenovo." C:\WINDOWS\System32\DRIVERS\ApsHM86.sys File exists "aswFsBlk" (aswFsBlk) "AVAST Software" C:\WINDOWS\system32\drivers\aswFsBlk.sys File exists "aswMon2" (aswMon2) "AVAST Software" C:\WINDOWS\system32\drivers\aswMon2.sys File exists "aswRdr" (AswRdr) "AVAST Software" C:\WINDOWS\system32\drivers\AswRdr.sys File exists "aswSnx" (aswSnx) "AVAST Software" C:\WINDOWS\system32\drivers\aswSnx.sys File exists "aswSP" (aswSP) "AVAST Software" C:\WINDOWS\system32\drivers\aswSP.sys File exists "avast! Asynchronous Virus Monitor" (Aavmker4) "AVAST Software" C:\WINDOWS\system32\drivers\Aavmker4.sys File exists "avast! Network Shield Support" (aswTdi) "AVAST Software" C:\WINDOWS\system32\drivers\aswTdi.sys File exists |||||| "Bluetooth Audio Service" (BlueletAudio) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\blueletaudio.sys File exists |||||| "Bluetooth HID Enumerator" (BTHidEnum) C:\WINDOWS\System32\DRIVERS\vbtenum.sys File found, but it contains no detailed information |||||| "Bluetooth HID Manager Service" (BTHidMgr) "IVT Corporation" C:\WINDOWS\System32\Drivers\BTHidMgr.sys File exists |||||| "Bluetooth Network Filter" (BTNetFilter) C:\WINDOWS\system32\drivers\BTNetFilter.sys File found, but it contains no detailed information |||||| "Bluetooth PAN Network Adapter" (BT) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\btnetdrv.sys File exists |||||| "Bluetooth SCO Audio Service" (BlueletSCOAudio) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\BlueletSCOAudio.sys File exists |||||| "Bluetooth USB For Bluetooth Service" (Btcsrusb) "IVT Corporation" C:\WINDOWS\System32\Drivers\btcusb.sys File exists |||||| "Bluetooth VComm Manager Service" (VcommMgr) "IVT Corporation" C:\WINDOWS\System32\Drivers\VcommMgr.sys File exists "catchme" (catchme) C:\ComboFix\catchme.sys File not found "Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found |||||| "DLABOIOM" (DLABOIOM) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLABOIOM.SYS File exists |||||| "DLACDBHM" (DLACDBHM) "Sonic Solutions" C:\WINDOWS\System32\Drivers\DLACDBHM.SYS File exists |||||| "DLADResN" (DLADResN) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLADResN.SYS File exists |||||| "DLAIFS_M" (DLAIFS_M) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLAIFS_M.SYS File exists |||||| "DLAOPIOM" (DLAOPIOM) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLAOPIOM.SYS File exists |||||| "DLAPoolM" (DLAPoolM) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLAPoolM.SYS File exists |||||| "DLARTL_N" (DLARTL_N) "Sonic Solutions" C:\WINDOWS\System32\Drivers\DLARTL_N.SYS File exists |||||| "DLAUDFAM" (DLAUDFAM) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLAUDFAM.SYS File exists |||||| "DLAUDF_M" (DLAUDF_M) "Sonic Solutions" C:\WINDOWS\System32\DLA\DLAUDF_M.SYS File exists |||||| "DRVMCDB" (DRVMCDB) "Sonic Solutions" C:\WINDOWS\System32\Drivers\DRVMCDB.SYS File exists |||||| "DRVNDDM" (DRVNDDM) "Sonic Solutions" C:\WINDOWS\System32\Drivers\DRVNDDM.SYS File exists |||||| "IBMTPCHK" (IBMTPCHK) C:\WINDOWS\system32\Drivers\IBMBLDID.sys File found, but it contains no detailed information |||||| "IVI ASPI Shell" (Iviaspi) "InterVideo, Inc." C:\WINDOWS\System32\drivers\iviaspi.sys File exists "kwddqpoc" (kwddqpoc) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwddqpoc.sys Hidden registry entry, rootkit activity | File not found "lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found |||||| "Lenovo System Interface Driver" (lenovo.smi) "Lenovo Group Limited" C:\WINDOWS\System32\DRIVERS\smiif32.sys File exists "MBAMProtector" (MBAMProtector) "Malwarebytes Corporation" C:\WINDOWS\system32\drivers\mbam.sys File exists "Microsoft UAA Function Driver for High Definition Audio Service" (HdAudAddService) C:\WINDOWS\System32\drivers\CHDAudN.sys File not found "PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found "PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found "PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found "PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found "PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found |||||| "pmem" (pmem) "Microsoft Corporation" C:\WINDOWS\System32\drivers\pmemnt.sys File exists |||||| "PSI" (PSI) "Secunia" C:\WINDOWS\System32\DRIVERS\psi_mf.sys File exists |||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists |||||| "Shockprf" (Shockprf) "Lenovo." C:\WINDOWS\System32\DRIVERS\Apsx86.sys File exists |||||| "SMI Helper Driver (smihlp)" (smihlp) "UPEK Inc." C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys File exists |||||| "TPPWRIF" (TPPWRIF) C:\WINDOWS\System32\drivers\Tppwrif.sys File found, but it contains no detailed information |||||| "TSMAPIP" (TSMAPIP) C:\WINDOWS\System32\drivers\TSMAPIP.SYS File found, but it contains no detailed information "TVT Packet Filter Service" (TVTPktFilter) C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys File not found |||||| "Virtual Serial port driver" (VComm) "IVT Corporation" C:\WINDOWS\System32\DRIVERS\VComm.sys File exists "WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found |||||| "WLAN-Transport" (s24trans) "Intel Corporation" C:\WINDOWS\System32\DRIVERS\s24trans.sys File exists Explorer HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components |||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Filter |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL File exists HKLM\Software\Classes\Protocols\Handler |||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved |||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Programme\7-Zip\7-zip.dll File exists |||||| {472083B0-C522-11CF-8763-00608CC02F24} "avast" "AVAST Software" C:\Programme\AVAST Software\Avast\ashShell.dll File exists |||||| {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" "Broadcom Corporation." C:\WINDOWS\system32\btneighborhood.dll File exists |||||| {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\VISSHE.DLL File exists {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" File not found | COM-object registry key not found |||||| {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" "Sonic Solutions" C:\WINDOWS\System32\DLA\DLASHX_W.DLL File exists |||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" c:\WINDOWS\system32\mscoree.dll File exists |||||| {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\VISSHE.DLL File exists {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\msohevi.dll File exists |||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll File exists |||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll File exists |||||| {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\ONFILTER.DLL File exists |||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL File exists |||||| {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" "Broadcom Corporation." C:\WINDOWS\system32\btncopy.dll File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\OLKFSTUB.DLL File exists {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." c:\programme\real\realplayer\rpshell.dll File exists {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" File not found | COM-object registry key not found |||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found |||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists |||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists |||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Programme\WinRAR\rarext.dll File exists Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser ITBar7Height "ITBar7Height" File not found | COM-object registry key not found "ITBar7Layout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units || {2DAD3559-2923-4935-AD49-B673D2539944} "IASRunner Class" hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect.cab C:\WINDOWS\Downloaded Program Files\acpir2.dll File exists |||| {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll File exists |||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_31.dll File exists |||| {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_31.dll File exists |||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_31.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\ONBttnIE.dll File exists |||||| {609D670F-B735-4da7-AC6D-F3BD358E325E} "Citavi Picker" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists |||||| {0FE81B52-73FA-425F-8F06-3F32451AC73F} "ClsidExtension" "Lenovo Group Limited" C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll File exists |||||| {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||||| "avast! WebRep" "AVAST Software" C:\Programme\AVAST Software\Avast\aswWebRepIE.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File exists |||||| {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" "AVAST Software" C:\Programme\AVAST Software\Avast\aswWebRepIE.dll File exists |||||| {F040E541-A427-4CF7-85D8-75E3E0F476C5} "CPwmIEBrowserHelper Object" "Lenovo Group Limited" C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll File exists |||||| {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" "Sonic Solutions" C:\WINDOWS\System32\DLA\DLASHX_W.DLL File exists {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Oracle Corporation" C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll File exists {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Oracle Corporation" C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll File exists |||||| {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL File exists {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer" C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File exists |||||| {609D670F-B735-4da7-AC6D-F3BD358E325E} "SwissAcademic.Citavi.Picker.IEPicker" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists LSA Providers HKLM\SYSTEM\CurrentControlSet\Control\Lsa |||||| "Notification packages" "UPEK Inc." C:\WINDOWS\system32\psqlpwd.dll File exists Logon %AllUsersProfile%\Startmenü\Programme\Autostart |||| "Adobe Reader Synchronizer.lnk" "Adobe Systems Incorporated" C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe Shortcut exists | File exists |||| "BlueSoleil.lnk" "IVT Corporation" C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe Shortcut exists | File exists |||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists |||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists "Secunia PSI Tray.lnk" "Secunia" C:\Programme\Secunia\PSI\psi_tray.exe Shortcut exists | File exists |||| "BTTray.lnk" "Broadcom Corporation." C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe Shortcut exists | File exists %UserProfile%\Startmenü\Programme\Autostart |||| "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE Shortcut exists | File exists |||||| "desktop.ini" C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "ACTray" "Lenovo " C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe File exists |||| "ACWLIcon" "Lenovo " C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe File exists |||| "AMSG" "LENOVO" C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup File exists |||||| "avast" "AVAST Software" "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui File exists |||| "AwaySch" "Lenovo Group Limited" C:\Programme\Lenovo\AwayTask\AwaySch.EXE File exists |||| "BLOG" rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog File found, but it contains no detailed information |||||| "cssauth" "Lenovo Group Limited" "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent File exists |||| "DiskeeperSystray" "Diskeeper Corporation" "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" File exists |||| "DLA" "Sonic Solutions" C:\WINDOWS\System32\DLA\DLACTRLW.EXE File exists |||| "EZEJMNAP" "Lenovo Group Ltd." C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe File exists |||| "HP Software Update" "Hewlett-Packard" C:\Programme\HP\HP Software Update\HPWuSchd2.exe File exists |||| "ISUSPM Startup" "InstallShield Software Corporation" C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File exists |||| "ISUSScheduler" "InstallShield Software Corporation" "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start File exists |||| "LenovoAutoScrollUtility" "Lenovo Group Limited" C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe File exists |||| "LPManager" "Lenovo Group Limited" C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe File exists |||| "PWRMGRTR" "Lenovo Group Limited" rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor File exists "Reader Application Helper" "Sony Corporation" C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe File exists |||| "SoundMAXPnP" "Analog Devices, Inc." C:\Programme\Analog Devices\Core\smax4pnp.exe File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists "TkBellExe" "RealNetworks, Inc." "c:\programme\real\realplayer\update\realsched.exe" -osboot File exists |||| "TPFNF7" "Lenovo Group Limited" C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r File exists |||||| "TpShocks" "Lenovo." TpShocks.exe File exists |||| "TVT Scheduler Proxy" "Lenovo Group Limited" C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe File exists Print Monitors HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors |||||| "Bluetooth-Druckeranschluss" "Broadcom Corporation." C:\WINDOWS\system32\bthcrp.dll File exists |||||| "HP Standard TCP/IP Port" "Hewlett Packard" C:\WINDOWS\system32\HpTcpMon.dll File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists |||||| "Ac Profile Manager Service" (AcPrfMgrSvc) "Lenovo " C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe File exists |||||| "Access Connections Main Service" (AcSvc) "Lenovo " C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe File exists |||||| "Anzeige am Bildschirm" (TPHKSVC) "Lenovo Group Limited" C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe File exists |||||| "ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists |||||| "avast! Antivirus" (avast! Antivirus) "AVAST Software" C:\Programme\AVAST Software\Avast\AvastSvc.exe File exists |||||| "BlueSoleil Hid Service" (BlueSoleil Hid Service) C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe File found, but it contains no detailed information |||||| "Bluetooth Service" (btwdins) "Broadcom Corporation." C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe File exists |||||| "Diskeeper" (Diskeeper) "Diskeeper Corporation" C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe File exists |||| "Google Update-Dienst (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||| "Google Update-Dienst (gupdatem)" (gupdatem) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists |||| "Google Updater Service" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe File exists |||||| "Intel(R) PROSet/Wireless Event Log" (EvtEng) "Intel Corporation" C:\Programme\Intel\Wireless\Bin\EvtEng.exe File exists |||||| "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) "Intel Corporation" C:\Programme\Intel\Wireless\Bin\RegSrvc.exe File exists |||||| "Intel(R) PROSet/Wireless Service" (S24EventMonitor) "Intel Corporation " C:\Programme\Intel\Wireless\Bin\S24EvMon.exe File exists |||||| "IPS-Basisservice" (IPSSVC) "Lenovo Group Limited" C:\WINDOWS\system32\IPSSVC.EXE File exists |||||| "IviRegMgr" (IviRegMgr) "InterVideo" C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe File exists "Java Quick Starter" (JavaQuickStarterService) "Oracle Corporation" C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe File exists |||||| "Lenovo Hotkey Client Loader" (TPHKLOAD) "Lenovo Group Limited" C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe File exists |||||| "Lenovo Microphone Mute" (LENOVO.MICMUTE) "Lenovo Group Limited" C:\Programme\LENOVO\HOTKEY\MICMUTE.exe File exists "MBAMScheduler" (MBAMScheduler) "Malwarebytes Corporation" C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe File exists "MBAMService" (MBAMService) "Malwarebytes Corporation" C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe File exists "Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe File exists |||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists |||||| "Office Software Protection Platform" (osppsvc) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE File exists |||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "HP" C:\WINDOWS\system32\HPZipm12.exe File exists "Secunia PSI Agent" (Secunia PSI Agent) "Secunia" C:\Programme\Secunia\PSI\PSIA.exe File exists "Secunia Update Agent" (Secunia Update Agent) "Secunia" C:\Programme\Secunia\PSI\sua.exe File exists |||||| "Sony SCSI Helper Service" (Sony SCSI Helper Service) "Sony Corporation" C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe File exists |||||| "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) "Microsoft Corporation" c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe File exists |||||| "SQL Server VSS Writer" (SQLWriter) "Microsoft Corporation" c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe File exists |||||| "SQL Server-Browser" (SQLBrowser) "Microsoft Corporation" c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe File exists |||||| "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) "Microsoft Corporation" C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe File exists "System Update" (SUService) "Lenovo Group Limited" c:\programme\lenovo\system update\suservice.exe File exists |||||| "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) "Lenovo." C:\WINDOWS\System32\TPHDEXLG.exe File exists |||||| "ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) "Lenovo Group Limited" C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe File exists |||||| "TSS Core Service" (TSSCoreService) "IBM" C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe File exists |||||| "TVT Backup Protection Service" (TVT Backup Protection Service) C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe File exists |||||| "TVT Backup Service" (TVT Backup Service) "Lenovo Group Limited" C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe File exists |||||| "TVT Scheduler" (TVT Scheduler) "Lenovo Group Limited" c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe File exists |||||| "tvtnetwk" (tvtnetwk) C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe File found, but it contains no detailed information |||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists |||| "Windows Media Connect-Dienst" (WMConnectCDS) "Microsoft Corporation" C:\Programme\Windows Media Connect 2\wmccds.exe File exists |||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists Winlogon HKCU\Control Panel\Desktop "SCRNSAVE.EXE" "Google Inc." C:\WINDOWS\system32\GPhotos.scr File exists HKCU\Control Panel\IOProcs "MVB" mvfs32.dll File not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify |||||| "psfus" "UPEK Inc." C:\WINDOWS\system32\psqlpwd.dll File exists |||| "WgaLogon" "Microsoft Corporation" C:\WINDOWS\system32\WgaLogon.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 17:46:08
-----------------------------
17:46:08.512 OS Version: Windows 5.1.2600 Service Pack 3
17:46:08.512 Number of processors: 2 586 0xE08
17:46:08.512 ComputerName: LENOVO-6E136213 UserName: Administrator
17:46:11.168 Initialize success
17:46:23.324 AVAST engine defs: 12092500
17:46:29.699 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:46:29.699 Disk 0 Vendor: TOSHIBA_MK8032GSX AS114E Size: 76319MB BusType: 3
17:46:29.746 Disk 0 MBR read successfully
17:46:29.746 Disk 0 MBR scan
17:46:29.996 Disk 0 unknown MBR code
17:46:30.012 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 69619 MB offset 63
17:46:30.090 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6696 MB offset 142581600
17:46:30.152 Disk 0 scanning sectors +156295440
17:46:30.418 Disk 0 scanning C:\WINDOWS\system32\drivers
17:47:53.543 Service scanning
17:49:25.496 Modules scanning
17:50:15.809 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
17:50:22.840 Disk 0 trace - called modules:
17:50:22.871 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
17:50:22.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b2bab8]
17:50:22.871 3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\000000a1[0x86b2f1b8]
17:50:22.871 5 ACPI.sys[f74d2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b5fd98]
17:50:26.293 AVAST engine scan C:\WINDOWS
17:51:06.637 AVAST engine scan C:\WINDOWS\system32
18:05:24.324 AVAST engine scan C:\WINDOWS\system32\drivers
18:06:40.902 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
18:16:36.949 AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:17:51.887 Scan finished successfully
18:33:18.871 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
18:33:18.918 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR 2012-09-25.txt"
|
|
26.09.2012, 11:37
| #53 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Ja das ist ok, bitte nur die nicht passenden als Anhang. Aber nur wenn sie sich übere viele Beiträge erstrecken, ansonsten das Log zB in drei Teile aufsplitten und auch dann über drei Postings jew. Teil für Teil in CODE-Tags posten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.09.2012, 19:22
| #54 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Hallo Cosinus, geht es nun irgendwie weiter? Ist alles wieder ok? Danke für Info bzw. weitere Hilfe |
|
27.09.2012, 20:51
| #55 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Sry, ich dachte ich hätte die Anweisung gepostet, naja da hab ich mich geirrt Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.09.2012, 21:26
| #56 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben MBR fix war sehr schnell beendet. Kann das richtig sein? Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 20:26:20
-----------------------------
20:26:20.796 OS Version: Windows 5.1.2600 Service Pack 3
20:26:20.796 Number of processors: 2 586 0xE08
20:26:20.796 ComputerName: LENOVO-6E136213 UserName: Administrator
20:26:22.765 Initialize success
20:26:23.125 AVAST engine defs: 12092700
20:26:27.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:26:27.453 Disk 0 Vendor: TOSHIBA_MK8032GSX AS114E Size: 76319MB BusType: 3
20:26:27.484 Disk 0 MBR read successfully
20:26:27.484 Disk 0 MBR scan
20:26:27.500 Disk 0 Windows XP default MBR code
20:26:27.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 69619 MB offset 63
20:26:27.531 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6696 MB offset 142581600
20:26:27.546 Disk 0 scanning sectors +156295440
20:26:27.687 Disk 0 scanning C:\WINDOWS\system32\drivers
20:27:03.062 Service scanning
20:28:25.578 Modules scanning
20:28:53.578 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
20:28:59.656 Disk 0 trace - called modules:
20:28:59.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:28:59.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b05978]
20:28:59.687 3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\000000a1[0x86b3e9e8]
20:28:59.703 5 ACPI.sys[f74d2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b3fd98]
20:29:01.406 AVAST engine scan C:\WINDOWS
20:29:28.562 AVAST engine scan C:\WINDOWS\system32
20:40:16.265 AVAST engine scan C:\WINDOWS\system32\drivers
20:40:59.796 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
20:48:52.890 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:51:33.468 Scan finished successfully
20:57:59.437 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
20:57:59.734 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR 12-09-28.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-28 21:52:40
-----------------------------
21:52:40.609 OS Version: Windows 5.1.2600 Service Pack 3
21:52:40.609 Number of processors: 2 586 0xE08
21:52:40.609 ComputerName: LENOVO-6E136213 UserName: Administrator
21:52:42.390 Initialize success
21:52:42.578 AVAST engine defs: 12092800
21:52:45.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:52:45.515 Disk 0 Vendor: TOSHIBA_MK8032GSX AS114E Size: 76319MB BusType: 3
21:52:45.546 Disk 0 MBR read successfully
21:52:45.546 Disk 0 MBR scan
21:52:45.546 Disk 0 Windows XP default MBR code
21:52:45.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 69619 MB offset 63
21:52:45.625 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6696 MB offset 142581600
21:52:45.718 Disk 0 scanning sectors +156295440
21:52:45.984 Disk 0 scanning C:\WINDOWS\system32\drivers
21:53:21.187 Service scanning
21:54:41.671 Modules scanning
21:55:11.484 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
21:55:15.265 Disk 0 trace - called modules:
21:55:15.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
21:55:15.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b0eab8]
21:55:15.296 3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\000000a1[0x86b1c9e8]
21:55:15.296 5 ACPI.sys[f74d2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b3a940]
21:55:16.953 AVAST engine scan C:\WINDOWS
21:55:35.734 AVAST engine scan C:\WINDOWS\system32
22:05:19.953 AVAST engine scan C:\WINDOWS\system32\drivers
22:06:04.500 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
22:14:00.343 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:15:06.234 Scan finished successfully
22:19:52.390 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
22:19:52.406 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR 12-09-28.txt"
|
|
28.09.2012, 21:33
| #57 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.09.2012, 20:14
| #58 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu behebenCode:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/29/2012 at 09:03 PM
Application Version : 5.5.1022
Core Rules Database Version : 9316
Trace Rules Database Version: 7128
Scan type : Quick Scan
Total Scan Time : 00:26:53
Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 734
Memory threats detected : 0
Registry items scanned : 29473
Registry threats detected : 0
File items scanned : 7185
File threats detected : 157
Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@adviva[1].txt [ /adviva ]
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@specificclick[1].txt [ /specificclick ]
C:\Dokumente und Einstellungen\Administrator\Cookies\U6BTNIDW.txt [ /atdmt.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\PDBAIZPR.txt [ /apmebf.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\MPTQTUX4.txt [ /ru4.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\3PNSGPI9.txt [ /tracking.quisma.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\D80UFMFD.txt [ /clicks.coolsearchnow.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\RN9SFSAG.txt [ /ads4adult.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\Q0QO4LS4.txt [ /youporn.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\LJYOJMUJ.txt [ /ad1.adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\0S442Y4F.txt [ /ads.creative-serving.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\GHYLT493.txt [ /ads.lzjl.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\N5J8PAOP.txt [ /ad3.adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\PJAVIQX1.txt [ /mediaplex.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\V35KKHHQ.txt [ /media.neodau.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\ODVE8FW6.txt [ /s2.trafficno.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\KL8KN89M.txt [ /ox-d.enveromedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\45E320SU.txt [ /myroitracking.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\UH45GI8S.txt [ /de.sitestat.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\QLO65I81.txt [ /media6degrees.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\FDLFDD4L.txt [ /ad.zanox.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\A401ZHY7.txt [ /ad.yieldmanager.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\2NTETT0O.txt [ /revsci.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\H866WA86.txt [ /ad4.adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\UBZ2UDB4.txt [ /goclicker.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\TKQTGTLQ.txt [ /eas.apm.emediate.eu ]
C:\Dokumente und Einstellungen\Administrator\Cookies\2MQGPCGO.txt [ /ad.zanox.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\LK7R9XWI.txt [ /tracking.quisma.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\XHVQRLJQ.txt [ /atdmt.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\N2L53XVS.txt [ /invitemedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\2TPA5NZ8.txt [ /2o7.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\M1D657MS.txt [ /serving-sys.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\31RXPRVH.txt [ /ad.ad-srv.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\UT6716SS.txt [ /ads.pixfuture.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\I6VFZ4CV.txt [ /s4.mediaadserver.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\UAAK1HH5.txt [ /ad.adition.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\53PEHWEM.txt [ /doubleclick.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\MZ0IDV5Y.txt [ /eclickz.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\X7WRXUC3.txt [ /avatraffic.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\TI2G4L5P.txt [ /lucidmedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\D9HTYI3L.txt [ /adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\6EH6TBMI.txt [ /bs.serving-sys.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\X8SH4SFD.txt [ /adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\9VX14NOC.txt [ /ads.ghettvocab.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\Q7GUVBIJ.txt [ /imrworldwide.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\H9ANL5C0.txt [ /ad.jokeroo.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\UFL8K8QN.txt [ /ad.360yield.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\FS3HW6Q5.txt [ /ox-d.matchflowmedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\AW2WHMV2.txt [ /68378.findfastnow.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\3IY9C0XN.txt [ /ad.dyntracker.de ]
C:\Dokumente und Einstellungen\Administrator\Cookies\P0F9A5S1.txt [ /eas.apm.emediate.eu ]
C:\Dokumente und Einstellungen\Administrator\Cookies\IMMX3Z4S.txt [ /harrenmedianetwork.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\PDA2FGP4.txt [ /search.eclickz.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\103ZTPP5.txt [ /click.expandsearchanswers.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\YW8JEV8J.txt [ /at.atwola.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\AUP8A36A.txt [ /histats.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\I634L1R7.txt [ /doubleclick.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\0EV1E3W7.txt [ /adbrite.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\5Z5UW5H9.txt [ /s4.trafficno.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\P0SH0JU9.txt [ /adjuggler.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\93GKU3PU.txt [ /tradedoubler.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\02NWCPWV.txt [ /aim4media.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\I0XVH67H.txt [ /dyntracker.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\WR792IIK.txt [ /www.enveromedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\S1L4LRN7.txt [ /serving-sys.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\2KEGYFE2.txt [ /yieldmanager.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\AX39D3ND.txt [ /apmebf.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\AS471T92.txt [ /fastclick.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\TLDZ03I7.txt [ /zanox.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\4R8ZWTO2.txt [ /ad2.adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\306NV3YK.txt [ /ads2.247activemedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\2QNM2M73.txt [ /zanox-affiliate.de ]
C:\Dokumente und Einstellungen\Administrator\Cookies\IX9LBTRM.txt [ /mediaplex.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\M37DGLAW.txt [ /casalemedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\8SSFT9O3.txt [ /www.zanox-affiliate.de ]
C:\Dokumente und Einstellungen\Administrator\Cookies\S1SS6ZXZ.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\DFBY92R3.txt [ /adserver.adtechus.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\D0G2QK0R.txt [ /s3.trafficno.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\JBAOXKFN.txt [ /ad1.adfarm1.adition.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\GVHD2TFD.txt [ /tracking982.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\W1O8I02M.txt [ /ads.us.e-planning.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\JIJU1QB5.txt [ /statcounter.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\8NQU79M8.txt [ /tribalfusion.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\Q45KLI32.txt [ /zanox.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\BLXKTAHU.txt [ /ad.yieldmanager.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\00CNUUTZ.txt [ /s3.mediaadserver.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\SZHVMNR7.txt [ /ads.fulltraffic.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\XFXCE9NO.txt [ /adtech.de ]
C:\Dokumente und Einstellungen\Administrator\Cookies\CUML1EF1.txt [ /www.ads4adult.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\RJ571AXY.txt [ /unitymedia.de ]
C:\Dokumente und Einstellungen\Administrator\Cookies\3K8X0LXR.txt [ /clicksor.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\JK4LKU9Z.txt [ /ad.adc-serv.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\37VHFXOV.txt [ /histats.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\Y5KIMG2O.txt [ /webmasterplan.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\FJJ2B34Z.txt [ /track.adform.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\G4TZTUYT.txt [ /advertising.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\TN2GYU9H.txt [ /smartadserver.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\YO287UJT.txt [ /click.get-answers-fast.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\1LN93QIH.txt [ /server.adform.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\W22DZMKK.txt [ /track.right-ads.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\SIV3X15U.txt [ /adform.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\UQ6KSREI.txt [ /adform.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\5EC4YN2L.txt [ /imrworldwide.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\91TQW14U.txt [ /traffictrack.de ]
C:\Dokumente und Einstellungen\Administrator\Cookies\E2VX92HK.txt [ /ads.adoptimized.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\NGYVV3T6.txt [ /filter.vespymedia.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\CG7ZGKSN.txt [ /findfastnow.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\0AZ77MTE.txt [ /kontera.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\J8I4NDB8.txt [ /trafficengine.net ]
C:\Dokumente und Einstellungen\Administrator\Cookies\O6GS750W.txt [ /test.sem-tracking-analytics.com ]
C:\Dokumente und Einstellungen\Administrator\Cookies\7LX2FRJQ.txt [ /xml.trafficengine.net ]
.libri.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.sonyeurope.112.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.guj.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wnmyggajeho.stats.esomniture.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
partners.webmasterplan.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.olympiaverlag.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.toplist.cz [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.tracking.quisma.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wjloqgcjghp.stats.esomniture.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
ad.dyntracker.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.cheaptickets.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
www.counter.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.opodo.122.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.tracker.vinsight.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T3G1O2ZT.DEFAULT\COOKIES.SQLITE ]
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.29.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: LENOVO-6E136213 [Administrator] 29.09.2012 19:38:20 mbam-log-2012-09-29 (19-38-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 195290 Laufzeit: 28 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
01.10.2012, 12:10
| #59 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben Warum machst du nur Quickscan, ich hab doch extra mit roter Fettschrift Vollscans hervorgehoben 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.10.2012, 12:41
| #60 |
| | Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben zuviel rot ... Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.03.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: LENOVO-6E136213 [Administrator] 03.10.2012 09:08:41 mbam-log-2012-10-03 (09-08-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 267207 Laufzeit: 3 Stunde(n), 31 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
| Themen zu Fund: TR/ATRAPS.Gen2 BDS/ZAccess.T und .v über Avira nicht zu beheben |
| 800000cb.@, anti, anti-malware, autostart, avira, bds/zacces.v, bds/zaccess.t, bds/zaccess.v, dateien, ergebnis, explorer, folge, fund, gelöscht, löschen, malware, neu, problem, programme, quarantäne, rundll, rundll32.exe, service pack 3, speicher, svchost.exe, system, system neu, system32, test, tr/atraps.gen, tr/atraps.gen2, trojan.phex.thagen, trojan.phex.thagen3, wbemess.dll |
Linear-Darstellung
