| |
| |||||||
Log-Analyse und Auswertung: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.09.2012, 13:24
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.09.2012, 18:11
| #17 |
 | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Hallo cosinus,
__________________hier das Log von Kaspersky (TDSS-Killer): Code:
ATTFilter 19:00:48.0546 0428 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:00:48.0671 0428 ============================================================
19:00:48.0671 0428 Current date / time: 2012/09/06 19:00:48.0671
19:00:48.0671 0428 SystemInfo:
19:00:48.0671 0428
19:00:48.0671 0428 OS Version: 5.1.2600 ServicePack: 3.0
19:00:48.0671 0428 Product type: Workstation
19:00:48.0671 0428 ComputerName: ESPRIMO
19:00:48.0671 0428 UserName: Administrator
19:00:48.0671 0428 Windows directory: C:\WINDOWS
19:00:48.0671 0428 System windows directory: C:\WINDOWS
19:00:48.0671 0428 Processor architecture: Intel x86
19:00:48.0671 0428 Number of processors: 4
19:00:48.0671 0428 Page size: 0x1000
19:00:48.0671 0428 Boot type: Normal boot
19:00:48.0671 0428 ============================================================
19:00:49.0843 0428 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:00:49.0843 0428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:00:49.0875 0428 ============================================================
19:00:49.0875 0428 \Device\Harddisk1\DR1:
19:00:49.0875 0428 MBR partitions:
19:00:49.0875 0428 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
19:00:49.0906 0428 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x10E713B5
19:00:49.0906 0428 \Device\Harddisk0\DR0:
19:00:49.0906 0428 MBR partitions:
19:00:49.0906 0428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74503CBF
19:00:49.0921 0428 ============================================================
19:00:49.0937 0428 D: <-> \Device\Harddisk1\DR1\Partition2
19:00:49.0968 0428 C: <-> \Device\Harddisk1\DR1\Partition1
19:00:50.0015 0428 K: <-> \Device\Harddisk0\DR0\Partition1
19:00:50.0031 0428 ============================================================
19:00:50.0031 0428 Initialize success
19:00:50.0031 0428 ============================================================
19:02:38.0921 1284 ============================================================
19:02:38.0921 1284 Scan started
19:02:38.0921 1284 Mode: Manual; SigCheck; TDLFS;
19:02:38.0921 1284 ============================================================
19:02:39.0671 1284 ================ Scan system memory ========================
19:02:39.0671 1284 System memory - ok
19:02:39.0671 1284 ================ Scan services =============================
19:02:39.0750 1284 [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883 C:\WINDOWS\system32\DRIVERS\61883.sys
19:02:40.0875 1284 61883 - ok
19:02:40.0968 1284 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
19:02:40.0968 1284 AAV UpdateService - ok
19:02:40.0984 1284 Abiosdsk - ok
19:02:40.0984 1284 abp480n5 - ok
19:02:41.0015 1284 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:02:41.0140 1284 ACPI - ok
19:02:41.0156 1284 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:02:41.0234 1284 ACPIEC - ok
19:02:41.0312 1284 [ 2841973308641ACC6236E583449B6357 ] AcrSch2Svc C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
19:02:41.0328 1284 AcrSch2Svc - ok
19:02:41.0468 1284 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:02:41.0734 1284 AdobeFlashPlayerUpdateSvc - ok
19:02:41.0734 1284 adpu160m - ok
19:02:41.0750 1284 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:02:41.0828 1284 aec - ok
19:02:41.0875 1284 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:02:41.0921 1284 AFD - ok
19:02:41.0921 1284 Aha154x - ok
19:02:41.0921 1284 aic78u2 - ok
19:02:41.0921 1284 aic78xx - ok
19:02:41.0953 1284 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:02:42.0046 1284 Alerter - ok
19:02:42.0062 1284 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
19:02:42.0093 1284 ALG - ok
19:02:42.0109 1284 AliIde - ok
19:02:42.0109 1284 amsint - ok
19:02:42.0171 1284 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
19:02:42.0187 1284 AntiVirSchedulerService - ok
19:02:42.0218 1284 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:02:42.0234 1284 AntiVirService - ok
19:02:42.0250 1284 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:02:42.0312 1284 AppMgmt - ok
19:02:42.0343 1284 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:02:42.0421 1284 Arp1394 - ok
19:02:42.0421 1284 asc - ok
19:02:42.0421 1284 asc3350p - ok
19:02:42.0421 1284 asc3550 - ok
19:02:42.0515 1284 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:02:42.0531 1284 aspnet_state - ok
19:02:42.0531 1284 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:02:42.0625 1284 AsyncMac - ok
19:02:42.0640 1284 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:02:42.0718 1284 atapi - ok
19:02:42.0781 1284 [ 1818E14EA07AAF6F5DC107F5EEE5F91F ] atchksrv C:\Programme\Intel\AMT\atchksrv.exe
19:02:42.0812 1284 atchksrv - ok
19:02:42.0812 1284 Atdisk - ok
19:02:42.0843 1284 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:02:42.0906 1284 Atmarpc - ok
19:02:42.0937 1284 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:02:43.0015 1284 AudioSrv - ok
19:02:43.0046 1284 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:02:43.0109 1284 audstub - ok
19:02:43.0140 1284 [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc C:\WINDOWS\system32\DRIVERS\avc.sys
19:02:43.0234 1284 Avc - ok
19:02:43.0265 1284 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:02:43.0281 1284 avgntflt - ok
19:02:43.0328 1284 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:02:43.0328 1284 avipbb - ok
19:02:43.0359 1284 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:02:43.0375 1284 avkmgr - ok
19:02:43.0406 1284 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:02:43.0484 1284 Beep - ok
19:02:43.0515 1284 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe
19:02:43.0531 1284 bgsvcgen - ok
19:02:43.0546 1284 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
19:02:43.0671 1284 BITS - ok
19:02:43.0703 1284 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
19:02:43.0734 1284 Browser - ok
19:02:43.0765 1284 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:02:43.0859 1284 cbidf2k - ok
19:02:43.0875 1284 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:02:43.0968 1284 CCDECODE - ok
19:02:43.0968 1284 cd20xrnt - ok
19:02:43.0984 1284 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:02:44.0062 1284 Cdaudio - ok
19:02:44.0093 1284 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:02:44.0171 1284 Cdfs - ok
19:02:44.0171 1284 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:02:44.0250 1284 Cdrom - ok
19:02:44.0265 1284 Changer - ok
19:02:44.0281 1284 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] cisvc C:\WINDOWS\system32\cisvc.exe
19:02:44.0359 1284 cisvc - ok
19:02:44.0375 1284 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:02:44.0453 1284 ClipSrv - ok
19:02:44.0484 1284 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:44.0500 1284 clr_optimization_v2.0.50727_32 - ok
19:02:44.0500 1284 CmdIde - ok
19:02:44.0515 1284 COMSysApp - ok
19:02:44.0515 1284 Cpqarray - ok
19:02:44.0546 1284 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:02:44.0625 1284 CryptSvc - ok
19:02:44.0625 1284 dac2w2k - ok
19:02:44.0625 1284 dac960nt - ok
19:02:44.0671 1284 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:02:44.0703 1284 DcomLaunch - ok
19:02:44.0750 1284 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:02:44.0828 1284 Dhcp - ok
19:02:44.0859 1284 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:02:44.0921 1284 Disk - ok
19:02:44.0937 1284 dmadmin - ok
19:02:44.0968 1284 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:02:45.0078 1284 dmboot - ok
19:02:45.0093 1284 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:02:45.0171 1284 dmio - ok
19:02:45.0203 1284 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:02:45.0281 1284 dmload - ok
19:02:45.0328 1284 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:02:45.0406 1284 dmserver - ok
19:02:45.0406 1284 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:02:45.0484 1284 DMusic - ok
19:02:45.0515 1284 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:02:45.0593 1284 Dnscache - ok
19:02:45.0609 1284 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:02:45.0703 1284 Dot3svc - ok
19:02:45.0703 1284 dpti2o - ok
19:02:45.0734 1284 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:02:45.0812 1284 drmkaud - ok
19:02:45.0843 1284 [ 0CEDF29CFA2E1209456D98C2EE4AE6F5 ] DTSRVC C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
19:02:45.0843 1284 DTSRVC - ok
19:02:45.0890 1284 [ DA1D21BB7D9B06C64275564F8E86C94E ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
19:02:45.0890 1284 e1express - ok
19:02:45.0921 1284 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:02:46.0015 1284 EapHost - ok
19:02:46.0046 1284 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:02:46.0125 1284 ERSvc - ok
19:02:46.0156 1284 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
19:02:46.0171 1284 Eventlog - ok
19:02:46.0203 1284 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
19:02:46.0234 1284 EventSystem - ok
19:02:46.0265 1284 Fabs - ok
19:02:46.0281 1284 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:02:46.0359 1284 Fastfat - ok
19:02:46.0390 1284 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:02:46.0437 1284 FastUserSwitchingCompatibility - ok
19:02:46.0453 1284 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:02:46.0531 1284 Fdc - ok
19:02:46.0546 1284 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:02:46.0625 1284 Fips - ok
19:02:46.0718 1284 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
19:02:46.0859 1284 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:02:46.0859 1284 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:02:46.0875 1284 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:02:46.0937 1284 Flpydisk - ok
19:02:46.0968 1284 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:02:47.0031 1284 FltMgr - ok
19:02:47.0062 1284 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:02:47.0078 1284 FontCache3.0.0.0 - ok
19:02:47.0093 1284 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:02:47.0171 1284 Fs_Rec - ok
19:02:47.0187 1284 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:02:47.0265 1284 Ftdisk - ok
19:02:47.0296 1284 [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\WINDOWS\system32\DRIVERS\GigasetGenericUSB.sys
19:02:47.0343 1284 GigasetGenericUSB - ok
19:02:47.0375 1284 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:02:47.0453 1284 Gpc - ok
19:02:47.0484 1284 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:02:47.0546 1284 HDAudBus - ok
19:02:47.0593 1284 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
19:02:47.0625 1284 HECI - ok
19:02:47.0671 1284 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:02:47.0750 1284 helpsvc - ok
19:02:47.0765 1284 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
19:02:47.0859 1284 HidServ - ok
19:02:47.0906 1284 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:02:47.0968 1284 hidusb - ok
19:02:48.0000 1284 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:02:48.0078 1284 hkmsvc - ok
19:02:48.0078 1284 hpn - ok
19:02:48.0109 1284 [ 128EF741B2293C36810561092B566B1C ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:02:48.0140 1284 HSFHWBS2 - ok
19:02:48.0171 1284 [ 9A0D0C461EF2B3D80CB7875B4B995E47 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:02:48.0250 1284 HSF_DP - ok
19:02:48.0281 1284 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:02:48.0328 1284 HTTP - ok
19:02:48.0343 1284 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:02:48.0421 1284 HTTPFilter - ok
19:02:48.0421 1284 i2omgmt - ok
19:02:48.0437 1284 i2omp - ok
19:02:48.0437 1284 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:02:48.0515 1284 i8042prt - ok
19:02:48.0546 1284 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
19:02:48.0562 1284 iaStor - ok
19:02:48.0609 1284 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:02:48.0656 1284 idsvc - ok
19:02:48.0687 1284 [ 667CFDB801DF771F47B7C39373C2D850 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
19:02:48.0718 1284 IFXTPM - ok
19:02:48.0718 1284 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:02:48.0812 1284 Imapi - ok
19:02:48.0859 1284 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
19:02:48.0937 1284 ImapiService - ok
19:02:48.0937 1284 ini910u - ok
19:02:49.0062 1284 [ E3FEC5A562D1C5E1E1177D20A4E5BEBA ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:02:49.0203 1284 IntcAzAudAddService - ok
19:02:49.0218 1284 IntelIde - ok
19:02:49.0250 1284 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:02:49.0328 1284 intelppm - ok
19:02:49.0343 1284 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:02:49.0421 1284 Ip6Fw - ok
19:02:49.0453 1284 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:02:49.0531 1284 IpFilterDriver - ok
19:02:49.0546 1284 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:02:49.0625 1284 IpInIp - ok
19:02:49.0656 1284 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:02:49.0734 1284 IpNat - ok
19:02:49.0750 1284 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:02:49.0828 1284 IPSec - ok
19:02:49.0859 1284 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:02:49.0890 1284 IRENUM - ok
19:02:49.0906 1284 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:02:49.0984 1284 isapnp - ok
19:02:50.0046 1284 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
19:02:50.0062 1284 JavaQuickStarterService - ok
19:02:50.0093 1284 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:02:50.0156 1284 Kbdclass - ok
19:02:50.0171 1284 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:02:50.0250 1284 kbdhid - ok
19:02:50.0265 1284 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:02:50.0343 1284 kmixer - ok
19:02:50.0375 1284 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:02:50.0421 1284 KSecDD - ok
19:02:50.0453 1284 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:02:50.0500 1284 lanmanserver - ok
19:02:50.0531 1284 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:02:50.0578 1284 lanmanworkstation - ok
19:02:50.0578 1284 lbrtfdc - ok
19:02:50.0609 1284 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:02:50.0687 1284 LmHosts - ok
19:02:50.0687 1284 [ AE299DB6FCC6358CF6AD681054E3BA59 ] LMS C:\Programme\Intel\AMT\LMS.exe
19:02:50.0703 1284 LMS - ok
19:02:50.0734 1284 [ 7A1A532F14FDE28489DC349C6E404A67 ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
19:02:50.0828 1284 LPDSVC - ok
19:02:50.0859 1284 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:02:50.0859 1284 MBAMProtector - ok
19:02:50.0890 1284 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:02:50.0906 1284 MBAMService - ok
19:02:50.0953 1284 [ 5110EDD87E2508F02B922E83A2487DFC ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:02:50.0953 1284 mdmxsdk - ok
19:02:50.0984 1284 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:02:51.0078 1284 Messenger - ok
19:02:51.0109 1284 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:02:51.0187 1284 mnmdd - ok
19:02:51.0218 1284 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:02:51.0281 1284 mnmsrvc - ok
19:02:51.0312 1284 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:02:51.0390 1284 Modem - ok
19:02:51.0390 1284 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:02:51.0453 1284 Mouclass - ok
19:02:51.0484 1284 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:02:51.0562 1284 mouhid - ok
19:02:51.0593 1284 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:02:51.0671 1284 MountMgr - ok
19:02:51.0718 1284 [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
19:02:51.0750 1284 MQAC - ok
19:02:51.0750 1284 mraid35x - ok
19:02:51.0781 1284 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:02:51.0875 1284 MRxDAV - ok
19:02:51.0921 1284 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:02:51.0953 1284 MRxSmb - ok
19:02:52.0000 1284 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:02:52.0078 1284 MSDTC - ok
19:02:52.0093 1284 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys
19:02:52.0187 1284 MSDV - ok
19:02:52.0203 1284 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:02:52.0265 1284 Msfs - ok
19:02:52.0265 1284 MSIServer - ok
19:02:52.0281 1284 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:02:52.0375 1284 MSKSSRV - ok
19:02:52.0406 1284 [ 0DCA65CF0B5E016192DFC8D184544FB6 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
19:02:52.0437 1284 MSMQ - ok
19:02:52.0453 1284 [ 7E68E3D511CF98CCD613DE1253DA4247 ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
19:02:52.0500 1284 MSMQTriggers - ok
19:02:52.0515 1284 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:02:52.0578 1284 MSPCLOCK - ok
19:02:52.0593 1284 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:02:52.0671 1284 MSPQM - ok
19:02:52.0687 1284 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:02:52.0765 1284 mssmbios - ok
19:02:52.0796 1284 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:02:52.0875 1284 MSTEE - ok
19:02:52.0906 1284 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:02:52.0937 1284 Mup - ok
19:02:52.0968 1284 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:02:53.0062 1284 NABTSFEC - ok
19:02:53.0093 1284 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
19:02:53.0187 1284 napagent - ok
19:02:53.0234 1284 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:02:53.0312 1284 NDIS - ok
19:02:53.0328 1284 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:02:53.0421 1284 NdisIP - ok
19:02:53.0453 1284 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:02:53.0500 1284 NdisTapi - ok
19:02:53.0515 1284 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:02:53.0593 1284 Ndisuio - ok
19:02:53.0625 1284 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:02:53.0703 1284 NdisWan - ok
19:02:53.0734 1284 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:02:53.0781 1284 NDProxy - ok
19:02:53.0875 1284 [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
19:02:53.0906 1284 Nero BackItUp Scheduler 3 - ok
19:02:53.0953 1284 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:02:54.0031 1284 NetBIOS - ok
19:02:54.0046 1284 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:02:54.0109 1284 NetBT - ok
19:02:54.0140 1284 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
19:02:54.0234 1284 NetDDE - ok
19:02:54.0234 1284 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:02:54.0312 1284 NetDDEdsdm - ok
19:02:54.0328 1284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:02:54.0406 1284 Netlogon - ok
19:02:54.0437 1284 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
19:02:54.0515 1284 Netman - ok
19:02:54.0546 1284 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:02:54.0562 1284 NetTcpPortSharing - ok
19:02:54.0593 1284 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:02:54.0671 1284 NIC1394 - ok
19:02:54.0703 1284 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
19:02:54.0718 1284 Nla - ok
19:02:54.0796 1284 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
19:02:54.0812 1284 NMIndexingService - ok
19:02:54.0843 1284 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:02:54.0906 1284 Npfs - ok
19:02:54.0921 1284 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:02:55.0031 1284 Ntfs - ok
19:02:55.0046 1284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:02:55.0125 1284 NtLmSsp - ok
19:02:55.0156 1284 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:02:55.0281 1284 NtmsSvc - ok
19:02:55.0281 1284 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:02:55.0343 1284 Null - ok
19:02:55.0500 1284 [ 23B95A09677E62EC8D1641ECF39B9BFB ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:02:55.0734 1284 nv - ok
19:02:55.0765 1284 [ C501206816F35D20422B4C3F88D62860 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
19:02:55.0781 1284 NVSvc - ok
19:02:55.0812 1284 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:02:55.0890 1284 NwlnkFlt - ok
19:02:55.0921 1284 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:02:55.0984 1284 NwlnkFwd - ok
19:02:56.0015 1284 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:02:56.0093 1284 ohci1394 - ok
19:02:56.0093 1284 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:02:56.0171 1284 Parport - ok
19:02:56.0203 1284 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:02:56.0265 1284 PartMgr - ok
19:02:56.0296 1284 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:02:56.0375 1284 ParVdm - ok
19:02:56.0390 1284 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:02:56.0468 1284 PCI - ok
19:02:56.0468 1284 PCIDump - ok
19:02:56.0500 1284 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:02:56.0562 1284 PCIIde - ok
19:02:56.0593 1284 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:02:56.0671 1284 Pcmcia - ok
19:02:56.0671 1284 PDCOMP - ok
19:02:56.0671 1284 PDFRAME - ok
19:02:56.0703 1284 [ 089CA80CE0766B031164714B51DF99BB ] PdiPorts C:\WINDOWS\system32\Drivers\PdiPorts.sys
19:02:56.0718 1284 PdiPorts - ok
19:02:56.0734 1284 [ 0A098DF98EC8FACAA30BD7DB4C7AEA06 ] PdiService C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
19:02:56.0750 1284 PdiService - ok
19:02:56.0750 1284 PDRELI - ok
19:02:56.0750 1284 PDRFRAME - ok
19:02:56.0750 1284 perc2 - ok
19:02:56.0750 1284 perc2hib - ok
19:02:56.0812 1284 [ EC4F52692B5CF116CA6B0428D84A9ABA ] Pivot C:\WINDOWS\system32\drivers\pivot.sys
19:02:56.0828 1284 Pivot ( UnsignedFile.Multi.Generic ) - warning
19:02:56.0828 1284 Pivot - detected UnsignedFile.Multi.Generic (1)
19:02:56.0859 1284 [ 7D72AC1ABDA06FF42FD57345D0D75523 ] pivotmou C:\WINDOWS\System32\drivers\pivotmou.sys
19:02:56.0875 1284 pivotmou ( UnsignedFile.Multi.Generic ) - warning
19:02:56.0875 1284 pivotmou - detected UnsignedFile.Multi.Generic (1)
19:02:56.0906 1284 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
19:02:56.0906 1284 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
19:02:56.0906 1284 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
19:02:56.0921 1284 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
19:02:56.0937 1284 PlugPlay - ok
19:02:56.0937 1284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:02:57.0000 1284 PolicyAgent - ok
19:02:57.0046 1284 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:02:57.0125 1284 PptpMiniport - ok
19:02:57.0125 1284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:02:57.0203 1284 ProtectedStorage - ok
19:02:57.0203 1284 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:02:57.0281 1284 PSched - ok
19:02:57.0296 1284 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:02:57.0375 1284 Ptilink - ok
19:02:57.0375 1284 ql1080 - ok
19:02:57.0375 1284 Ql10wnt - ok
19:02:57.0390 1284 ql12160 - ok
19:02:57.0390 1284 ql1240 - ok
19:02:57.0390 1284 ql1280 - ok
19:02:57.0406 1284 [ 0087F01D35A65B32393CC8BBA46EE4A6 ] QV2KUX C:\WINDOWS\system32\DRIVERS\qv2kux.sys
19:02:57.0484 1284 QV2KUX - ok
19:02:57.0515 1284 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:02:57.0593 1284 RasAcd - ok
19:02:57.0625 1284 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:02:57.0687 1284 RasAuto - ok
19:02:57.0703 1284 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:02:57.0781 1284 Rasl2tp - ok
19:02:57.0812 1284 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:02:57.0890 1284 RasMan - ok
19:02:57.0890 1284 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:02:57.0968 1284 RasPppoe - ok
19:02:57.0968 1284 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:02:58.0031 1284 Raspti - ok
19:02:58.0046 1284 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:02:58.0125 1284 Rdbss - ok
19:02:58.0140 1284 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:02:58.0218 1284 RDPCDD - ok
19:02:58.0234 1284 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:02:58.0312 1284 rdpdr - ok
19:02:58.0343 1284 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:02:58.0375 1284 RDPWD - ok
19:02:58.0390 1284 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:02:58.0484 1284 RDSessMgr - ok
19:02:58.0500 1284 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:02:58.0562 1284 redbook - ok
19:02:58.0593 1284 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:02:58.0687 1284 RemoteAccess - ok
19:02:58.0718 1284 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:02:58.0796 1284 RemoteRegistry - ok
19:02:58.0828 1284 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
19:02:58.0859 1284 RMCAST - ok
19:02:58.0875 1284 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
19:02:58.0968 1284 RpcLocator - ok
19:02:58.0984 1284 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:02:59.0015 1284 RpcSs - ok
19:02:59.0046 1284 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:02:59.0140 1284 RSVP - ok
19:02:59.0140 1284 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
19:02:59.0218 1284 SamSs - ok
19:02:59.0234 1284 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:02:59.0328 1284 SCardSvr - ok
19:02:59.0359 1284 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:02:59.0437 1284 Schedule - ok
19:02:59.0453 1284 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:02:59.0484 1284 Secdrv - ok
19:02:59.0515 1284 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
19:02:59.0593 1284 seclogon - ok
19:02:59.0593 1284 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
19:02:59.0671 1284 SENS - ok
19:02:59.0687 1284 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:02:59.0765 1284 serenum - ok
19:02:59.0765 1284 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:02:59.0843 1284 Serial - ok
19:02:59.0875 1284 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:02:59.0937 1284 Sfloppy - ok
19:02:59.0953 1284 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:02:59.0968 1284 ShellHWDetection - ok
19:02:59.0968 1284 Simbad - ok
19:03:00.0000 1284 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:03:00.0078 1284 SLIP - ok
19:03:00.0125 1284 [ DECA2315713EDE05E47E4A4122EEC3E0 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
19:03:00.0140 1284 snapman - ok
19:03:00.0140 1284 Sparrow - ok
19:03:00.0156 1284 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:03:00.0218 1284 splitter - ok
19:03:00.0250 1284 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:03:00.0296 1284 Spooler - ok
19:03:00.0296 1284 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:03:00.0343 1284 sr - ok
19:03:00.0390 1284 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
19:03:00.0421 1284 srservice - ok
19:03:00.0453 1284 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:03:00.0515 1284 Srv - ok
19:03:00.0531 1284 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:03:00.0578 1284 SSDPSRV - ok
19:03:00.0625 1284 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:03:00.0625 1284 ssmdrv - ok
19:03:00.0640 1284 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:03:00.0718 1284 stisvc - ok
19:03:00.0750 1284 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:03:00.0843 1284 streamip - ok
19:03:00.0875 1284 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:03:00.0937 1284 swenum - ok
19:03:00.0953 1284 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:03:01.0015 1284 swmidi - ok
19:03:01.0031 1284 SwPrv - ok
19:03:01.0031 1284 symc810 - ok
19:03:01.0031 1284 symc8xx - ok
19:03:01.0031 1284 sym_hi - ok
19:03:01.0031 1284 sym_u3 - ok
19:03:01.0078 1284 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:03:01.0156 1284 sysaudio - ok
19:03:01.0171 1284 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:03:01.0265 1284 SysmonLog - ok
19:03:01.0281 1284 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:03:01.0359 1284 TapiSrv - ok
19:03:01.0390 1284 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:03:01.0437 1284 Tcpip - ok
19:03:01.0468 1284 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:03:01.0562 1284 TDPIPE - ok
19:03:01.0609 1284 [ 3630F5B8181554DEECFE2E4252BC4C4C ] tdrpman251 C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
19:03:01.0640 1284 tdrpman251 - ok
19:03:01.0656 1284 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:03:01.0734 1284 TDTCP - ok
19:03:01.0734 1284 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:03:01.0812 1284 TermDD - ok
19:03:01.0859 1284 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
19:03:01.0953 1284 TermService - ok
19:03:02.0000 1284 [ 8691929929F2EE71F0AD82B760C2A05E ] TestHandler C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe
19:03:02.0015 1284 TestHandler - ok
19:03:02.0046 1284 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
19:03:02.0046 1284 Themes - ok
19:03:02.0093 1284 [ 6DCB8DDB481CD3C40FA68593723B4D89 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:03:02.0093 1284 tifsfilter - ok
19:03:02.0140 1284 [ C820BFC70FEB25EC877C49E81CD477C1 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
19:03:02.0171 1284 timounter - ok
19:03:02.0203 1284 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:03:02.0250 1284 TlntSvr - ok
19:03:02.0250 1284 TosIde - ok
19:03:02.0281 1284 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:03:02.0359 1284 TrkWks - ok
19:03:02.0375 1284 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:03:02.0468 1284 Udfs - ok
19:03:02.0468 1284 ultra - ok
19:03:02.0546 1284 [ 57A8B36053910BC9608C2F789C6B6AB5 ] UNS C:\Programme\Intel\AMT\UNS.exe
19:03:02.0656 1284 UNS - ok
19:03:02.0703 1284 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:03:02.0781 1284 Update - ok
19:03:02.0812 1284 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:03:02.0859 1284 upnphost - ok
19:03:02.0875 1284 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
19:03:02.0968 1284 UPS - ok
19:03:03.0000 1284 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:03:03.0078 1284 usbaudio - ok
19:03:03.0125 1284 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:03:03.0187 1284 usbccgp - ok
19:03:03.0203 1284 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:03:03.0265 1284 usbehci - ok
19:03:03.0281 1284 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:03:03.0359 1284 usbhub - ok
19:03:03.0390 1284 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:03:03.0484 1284 usbprint - ok
19:03:03.0500 1284 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:03:03.0578 1284 usbscan - ok
19:03:03.0625 1284 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:03:03.0687 1284 usbstor - ok
19:03:03.0703 1284 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:03:03.0765 1284 usbuhci - ok
19:03:03.0796 1284 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:03:03.0875 1284 VgaSave - ok
19:03:03.0875 1284 ViaIde - ok
19:03:03.0921 1284 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:03:04.0000 1284 VolSnap - ok
19:03:04.0031 1284 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
19:03:04.0093 1284 VSS - ok
19:03:04.0109 1284 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
19:03:04.0171 1284 W32Time - ok
19:03:04.0187 1284 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:03:04.0265 1284 Wanarp - ok
19:03:04.0265 1284 WDICA - ok
19:03:04.0281 1284 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:03:04.0359 1284 wdmaud - ok
19:03:04.0390 1284 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:03:04.0453 1284 WebClient - ok
19:03:04.0468 1284 [ CE545A84BF3411E7516FA8DA51AD9D93 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:03:04.0500 1284 winachsf - ok
19:03:04.0562 1284 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:03:04.0656 1284 winmgmt - ok
19:03:04.0687 1284 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:03:04.0750 1284 WmdmPmSN - ok
19:03:04.0781 1284 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:03:04.0828 1284 Wmi - ok
19:03:04.0875 1284 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:03:04.0953 1284 WmiApSrv - ok
19:03:05.0031 1284 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
19:03:05.0062 1284 WMPNetworkSvc - ok
19:03:05.0109 1284 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:03:05.0171 1284 WSTCODEC - ok
19:03:05.0203 1284 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:03:05.0281 1284 wuauserv - ok
19:03:05.0328 1284 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:03:05.0343 1284 WudfPf - ok
19:03:05.0359 1284 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:03:05.0359 1284 WudfRd - ok
19:03:05.0390 1284 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:03:05.0406 1284 WudfSvc - ok
19:03:05.0453 1284 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:03:05.0546 1284 WZCSVC - ok
19:03:05.0578 1284 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:03:05.0656 1284 xmlprov - ok
19:03:05.0656 1284 ================ Scan global ===============================
19:03:05.0687 1284 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
19:03:05.0718 1284 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:03:05.0734 1284 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
19:03:05.0750 1284 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
19:03:05.0765 1284 [Global] - ok
19:03:05.0765 1284 ================ Scan MBR ==================================
19:03:05.0781 1284 [ EBA341AD91BD67E83FD5FC3592A6E89B ] \Device\Harddisk1\DR1
19:03:06.0125 1284 \Device\Harddisk1\DR1 - ok
19:03:06.0140 1284 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:03:06.0187 1284 \Device\Harddisk0\DR0 - ok
19:03:06.0187 1284 ================ Scan VBR ==================================
19:03:06.0187 1284 [ 7CAFF2822949E0D023D63744DCB4B703 ] \Device\Harddisk1\DR1\Partition1
19:03:06.0203 1284 \Device\Harddisk1\DR1\Partition1 - ok
19:03:06.0234 1284 [ E08C4AFE85CDC8B75479DB99B040F9CA ] \Device\Harddisk1\DR1\Partition2
19:03:06.0234 1284 \Device\Harddisk1\DR1\Partition2 - ok
19:03:06.0234 1284 [ 934795FE71F54E5A28BBBE9DC6134092 ] \Device\Harddisk0\DR0\Partition1
19:03:06.0234 1284 \Device\Harddisk0\DR0\Partition1 - ok
19:03:06.0234 1284 ============================================================
19:03:06.0234 1284 Scan finished
19:03:06.0234 1284 ============================================================
19:03:06.0343 2404 Detected object count: 4
19:03:06.0343 2404 Actual detected object count: 4
19:05:24.0703 2404 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0703 2404 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0703 2404 Pivot ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0703 2404 Pivot ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0703 2404 pivotmou ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0703 2404 pivotmou ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:05:24.0718 2404 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:05:24.0718 2404 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.09.2012, 21:01
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
07.09.2012, 04:52
| #19 |
| | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Hallo Cosinus, danke für Deine Antwort. Fahre jetzt in Kurzurlaub. Melde mich, sobald ich wieder zu Hause bin. Viele Grüße SFischer |
|
12.09.2012, 09:21
| #20 |
| | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Hallo cosinus, hier die Combofix.txt: Combofix Logfile: Code:
ATTFilter ComboFix 12-09-11.02 - Administrator 12.09.2012 9:55.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2308 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\windows\Installer\$PatchCache$\Managed\3706342866B54DD48A51342744051302\15.1.0\distributor.ini2
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-12 bis 2012-09-12 ))))))))))))))))))))))))))))))
.
.
2012-08-31 18:28 . 2012-08-31 18:28 -------- d-----w- C:\_OTL
2012-08-17 04:22 . 2012-08-17 04:22 -------- d-----w- c:\programme\ESET
2012-08-16 18:48 . 2012-08-16 18:48 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2012-08-16 18:48 . 2012-08-16 18:48 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-08-16 18:48 . 2012-08-16 18:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-16 18:48 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2012-08-01 19:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-04-24 04:57 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 16:39 . 2012-08-01 19:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-16 19:38 . 2012-06-23 07:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 19:38 . 2012-06-23 07:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 13:59 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-04-27 13:54 139784 ----a-r- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:25 . 2006-02-28 12:00 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
1999-03-11 17:22 . 1999-03-11 17:22 99840 -c--a-w- c:\programme\Gemeinsame Dateien\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 -c--a-w- c:\programme\Gemeinsame Dateien\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 -c--a-w- c:\programme\Gemeinsame Dateien\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 -c--a-w- c:\programme\Gemeinsame Dateien\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 -c--a-w- c:\programme\Gemeinsame Dateien\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 -c--a-w- c:\programme\Gemeinsame Dateien\IRASRIAL.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"nwiz"="nwiz.exe" [2009-03-27 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-20 16858112]
"atchk"="c:\programme\Intel\AMT\atchk.exe" [2007-07-06 408088]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-06 4389592]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-11-06 962688]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2009-11-06 377712]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"DeskUpdateNotifier"="c:\programme\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe" [2011-11-10 100120]
"TrayServer"="c:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"PivotSoftware"="c:\programme\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Password Safe.lnk - c:\programme\Password Safe\pwsafe.exe [2011-3-17 3545600]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-15 67128]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-23 172544]
Symantec Fax Starter Edition-Anschluss.lnk - c:\programme\Microsoft Office\Office\1031\OLFSNT40.EXE [1999-3-11 46080]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ auto_reactivate c:\bootwiz\asrm.bin\0autocheck autochk *
.
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [22.08.2010 14:08 902432]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [16.10.2011 09:56 36000]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 17:35 128296]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.10.2011 09:56 86224]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 18:09 1253376]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [16.08.2012 20:48 655944]
R2 PdiService;Portrait Displays SDK Service;c:\programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe [09.10.2011 16:20 109168]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programme\Intel\AMT\UNS.exe [27.04.2009 16:42 2521624]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [04.04.2007 18:16 41216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.08.2012 20:48 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23.06.2012 09:34 250056]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 12:10 3276800]
S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [14.03.2010 14:01 44032]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 19:38]
.
2012-09-04 c:\windows\Tasks\DeskUpdate.job
- c:\programme\Fujitsu\DeskUpdate\ducmd.exe [2010-08-23 12:34]
.
2012-09-11 c:\windows\Tasks\User_Feed_Synchronization-{95F0716E-F69E-4AE7-83D0-08F827F5C9FD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.boersensignale.de/boersenprognoseaktuell.html
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-09-12 09:59
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1677128483-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a9,17,b5,da,4c,fe,45,80,85,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1d,a9,17,b5,da,4c,fe,45,80,85,2f,\
.
[HKEY_USERS\S-1-5-21-1960408961-1677128483-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c6,95,85,18,c3,69,23,5f,d7,4d,aa,a5,d7,c1,90,39,65,56,61,7a,76,76,3a,
e1,33,17,6c,ed,72,83,98,19,d7,6a,d8,cc,3c,08,9e,6c,4b,bd,65,2a,19,2f,92,02,\
"??"=hex:59,0e,32,af,6b,cd,57,59,62,49,ff,4e,f8,65,4e,b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1760)
c:\windows\system32\CLBCATQ.DLL
.
Zeit der Fertigstellung: 2012-09-12 10:00:52
ComboFix-quarantined-files.txt 2012-09-12 08:00
.
Vor Suchlauf: 13 Verzeichnis(se), 62.746.673.152 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 62.983.004.160 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2165FE927F259116724B1CCD012A2A48
|
|
12.09.2012, 14:09
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ --> TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. |
|
12.09.2012, 17:19
| #22 |
| | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Hallo cosinus, vielen Dank für die schnelle Antwort! Zuerst das Log von GMER: [code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-12 18:15:49
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f ST3250310AS rev.4.AAA
Running: k9kc2xss.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgrdapob.sys
---- System - GMER 1.0.15 ----
SSDT BA7F123E ZwCreateKey
SSDT BA7F1234 ZwCreateThread
SSDT BA7F1243 ZwDeleteKey
SSDT BA7F124D ZwDeleteValueKey
SSDT BA7F1252 ZwLoadKey
SSDT BA7F1220 ZwOpenProcess
SSDT BA7F1225 ZwOpenThread
SSDT BA7F125C ZwReplaceKey
SSDT BA7F1257 ZwRestoreKey
SSDT BA7F1248 ZwSetValueKey
Code \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys pIofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB849C380, 0x34C81F, 0xE8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Hallo cosinus, hier noch die Logs von OSAM und aswMBR: Code:
ATTFilter OSAM Logfile: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-12 20:03:13
-----------------------------
20:03:13.625 OS Version: Windows 5.1.2600 Service Pack 3
20:03:13.625 Number of processors: 4 586 0xF0B
20:03:13.625 ComputerName: ESPRIMO UserName:
20:03:14.093 Initialize success
20:14:45.343 AVAST engine defs: 12091200
20:26:00.875 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-14
20:26:00.875 Disk 0 Vendor: SAMSUNG_HD103UI 1AA01113 Size: 953869MB BusType: 3
20:26:00.875 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f
20:26:00.875 Disk 1 Vendor: ST3250310AS 4.AAA Size: 238475MB BusType: 3
20:26:00.890 Disk 1 MBR read successfully
20:26:00.890 Disk 1 MBR scan
20:26:00.921 Disk 1 unknown MBR code
20:26:00.921 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
20:26:00.921 Disk 1 Partition - 00 0F Extended LBA 138466 MB offset 204796620
20:26:00.937 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
20:26:00.953 Disk 1 scanning sectors +488376000
20:26:01.015 Disk 1 scanning C:\WINDOWS\system32\drivers
20:26:09.046 Service scanning
20:26:21.640 Modules scanning
20:26:26.062 Disk 1 trace - called modules:
20:26:26.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:26:26.078 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b008ab8]
20:26:26.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000072[0x8b019f18]
20:26:26.078 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1f[0x8b00a940]
20:26:26.703 AVAST engine scan C:\WINDOWS
20:26:40.703 AVAST engine scan C:\WINDOWS\system32
20:28:31.609 AVAST engine scan C:\WINDOWS\system32\drivers
20:28:44.687 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
20:31:06.546 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:36:45.812 Scan finished successfully
20:54:04.015 Disk 1 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
20:54:04.015 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"
|
|
12.09.2012, 20:23
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/ATRAPS.Gen, TR/ATRAPS.Gen2, BDS/ZAccess.V u. a. |
| antivirus, avira, bds/zaccess.v, bho, converter, error, failed, firefox, flash player, homepage, iexplore.exe, logfile, mp3, object, plug-in, realtek, registry, remote control, rundll, scan, security, software, sparbuch, speicherplatz, symantec, system, tr/atraps.gen, tr/atraps.gen2, tr/kazy.83884.1, tr/sirefef.a., tr/sirefef.a.36, viren, warnung, windows internet, windows-firewall |
Linear-Darstellung
