Log Analysis and Evaluation: Bundespolizei Trojaner, Windows 7. If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.09.2012, 11:33 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
FF - user.js - File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11019
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\14001.016 [2012.08.21 18:57:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.06 20:42:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11019
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\14001.016 [2012.08.21 18:57:59 | 000,000,000 | ---D | M]
O4 - HKU\S-1-5-21-1220945662-1647877149-725345543-1004..\Run: [mxxhfszcgvnupip] C:\WINDOWS\mxxhfszc.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\DSL-Manager.lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1220945662-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1220945662-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1220945662-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.06 19:03:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001.02.18 11:40:00 | 001,003,896 | R--- | M] () - E:\Autorun.dat -- [ UDF ]
O32 - AutoRun File - [2001.02.18 11:40:00 | 000,192,512 | R--- | M] (Interplay Entertainment Corp.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2001.02.18 11:40:00 | 000,000,154 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
:Files
C:\WINDOWS\SYSTEM32\14001.*
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zkhbxtlwgouvcqm
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wovssktbebngrbw
C:\WINDOWS\System32\yhusp7mv.default.dat
C:\WINDOWS\system32\kock
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Axu
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache
C:\Dokumente und Einstellungen\Marc\Eigene Dateien\Setup_FreeFlvConverter.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are not completely deleted; as a precaution, a backup copy is created on the system partition in the folder "_OTL". Note: The above script was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags
23.09.2012, 09:17 | #17
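The O6/O7 lines in the fix script above set Explorer's AutoRun policy values, which are bitmasks. The following Python is an added example, not part of the post or of OTL: it parses those lines (copied from the script as sample input) and decodes NoDriveTypeAutoRun (one bit per drive type) and NoDriveAutoRun (one bit per drive letter A..Z) so a helper can check whether AutoRun is fully disabled in every hive. The bit meanings follow Microsoft's AutoRun documentation; the parser and report layout are this example's own.

```python
"""Decode the Explorer AutoRun policy values found in OTL O6/O7 lines.
Added example; the sample lines are copied from the fix script in the post."""
import re

# Drive-type bits of NoDriveTypeAutoRun; a set bit disables AutoRun for that type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved",
}
ALL_TYPES_DISABLED = 0xFF  # 255, the value the fix script sets for HKLM and the user hive
USER_HIVE = r"HKU\S-1-5-21-1220945662-1647877149-725345543-1004"

# Sample input copied from the script (the O32 line is not a policy line and is skipped).
FIX_SCRIPT_LINES = [
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255",
    r"O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    r"O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145",
    USER_HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255",
    USER_HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863",
    USER_HIVE + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1",
    r"O32 - HKLM CDRom: AutoRun - 1",
]
# The three USER_HIVE lines above are O7 lines in the script; restore the prefix.
FIX_SCRIPT_LINES = [l if l.startswith("O") else "O7 - " + l for l in FIX_SCRIPT_LINES]

# "O7 - HKU\<sid>\SOFTWARE\...\policies\Explorer: NoDriveTypeAutoRun = 145"
_OTL_POLICY = re.compile(
    r"^O[67] - (?P<hive>\S+?)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: "
    r"(?P<name>\w+) = (?P<value>\d+)$",
    re.IGNORECASE,
)


def decode_no_drive_type_autorun(value):
    """Which drive types have AutoRun disabled, and whether every type is covered."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    return {
        "value": value,
        "disabled_types": disabled,
        "all_disabled": (value & ALL_TYPES_DISABLED) == ALL_TYPES_DISABLED,
    }


def decode_no_drive_autorun(value):
    """Drive letters whose AutoRun is disabled (bit 0 = A:, bit 25 = Z:)."""
    return [chr(ord("A") + i) + ":" for i in range(26) if value & (1 << i)]


def parse_policy_lines(lines):
    """(hive, value name, integer value) for each O6/O7 policy line; others are ignored."""
    out = []
    for line in lines:
        m = _OTL_POLICY.match(line.strip())
        if m:
            out.append((m.group("hive"), m.group("name"), int(m.group("value"))))
    return out


def autorun_report(lines):
    """Per hive: is every drive type disabled, which types still allow AutoRun,
    how many drive letters are disabled, and is HonorAutoRunSetting = 1."""
    report = {}
    for hive, name, value in parse_policy_lines(lines):
        entry = report.setdefault(hive, {})
        key = name.lower()
        if key == "nodrivetypeautorun":
            decoded = decode_no_drive_type_autorun(value)
            entry["all_types_disabled"] = decoded["all_disabled"]
            entry["types_still_enabled"] = [
                n for n in DRIVE_TYPE_BITS.values() if n not in decoded["disabled_types"]
            ]
        elif key == "nodriveautorun":
            entry["disabled_letters"] = len(decode_no_drive_autorun(value))
        elif key == "honorautorunsetting":
            entry["honor_setting"] = value == 1
    return report


if __name__ == "__main__":
    for hive, entry in autorun_report(FIX_SCRIPT_LINES).items():
        print(hive, entry)
```

With the script's values, HKLM and the logged-on user's hive end up with AutoRun disabled for all drive types and all 26 drive letters, while the other user hives keep the Windows XP default 145 (0x91), which still allows AutoRun on removable, fixed, CD-ROM and RAM-disk drives.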
Bundespolizei Trojaner
I think OTL and XP keep freezing.
After I click Fix, everything on the desktop and the taskbar disappears. OTL stays open but gets stuck at "Killing Processes DO NOT interrupt...". I waited a good 8 minutes, nothing happens.
23.09.2012, 16:59 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Restart Windows in Safe Mode (with networking if possible); fixing with OTL sometimes hangs in normal mode, but very often the fix works in Safe Mode.
23.09.2012, 18:21 | #19
Bundespolizei Trojaner
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
File C:\WINDOWS\system32\11019 not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found.
C:\WINDOWS\system32\14001.016\components folder moved successfully.
C:\WINDOWS\system32\14001.016 folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components deleted successfully.
C:\Programme\Mozilla Firefox\components folder moved successfully.
Registry key HKEY_CURRENT_USER\software\mozilla\Firefox\extensions not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
File C:\WINDOWS\system32\11019 not found.
Registry key HKEY_CURRENT_USER\software\mozilla\Firefox\extensions not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found.
File C:\WINDOWS\system32\14001.016 not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1647877149-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run not found.
C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\DSL-Manager.lnk moved successfully.
C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart\DSL-Manager.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1220945662-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_USERS\S-1-5-21-1220945662-1647877149-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File E:\Autorun.dat not found.
File E:\Autorun.exe not found.
File E:\Autorun.inf not found.
========== FILES ==========
File\Folder C:\WINDOWS\SYSTEM32\14001.* not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zkhbxtlwgouvcqm folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\wovssktbebngrbw moved successfully.
C:\WINDOWS\System32\yhusp7mv.default.dat moved successfully.
C:\WINDOWS\system32\kock folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Axu folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23\41ddb8d7-434149b2-n folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19\70195553-5b19e95d-n folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Eigene Dateien\Setup_FreeFlvConverter.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 14330238 bytes
->Temporary Internet Files folder emptied: 50891714 bytes
->FireFox cache emptied: 18667411 bytes
->Flash cache emptied: 690 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Marc
->Temp folder emptied: 303688909 bytes
->Temporary Internet Files folder emptied: 22792629 bytes
->FireFox cache emptied: 613203251 bytes
->Flash cache emptied: 36452716 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64172 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2129337 bytes
%systemroot%\System32 .tmp files removed: 264 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4620968 bytes
RecycleBin emptied: 81684 bytes
Total Files Cleaned = 1.018,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.66.0 log created on 09232012_185903
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
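A triage helper for an OTL fix log like the one above, added here as an example (not part of the post or of OTL): it groups each action line by outcome so a helper can see what was moved into the _OTL backup folder, what was deleted outright, which registry value was set, and which requested items were no longer present. The sample log is a constructed excerpt of the posted log; the line patterns are taken from it.

```python
"""Summarise an OTL fix log by outcome.  Added example; SAMPLE_LOG is a
constructed excerpt of the fix log posted in the thread."""
import re
from collections import Counter

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
File C:\WINDOWS\system32\11019 not found.
C:\WINDOWS\system32\14001.016 folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File E:\Autorun.inf not found.
========== FILES ==========
File\Folder C:\WINDOWS\SYSTEM32\14001.* not found.
C:\WINDOWS\system32\kock folder moved successfully.
C:\Dokumente und Einstellungen\Marc\Eigene Dateien\Setup_FreeFlvConverter.exe moved successfully.
C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
HOSTS file reset successfully
"""

# Section headers look like "========== FILES ==========".
_SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")

# (pattern, outcome) pairs; the optional prefixes strip OTL's "Registry key/value",
# "File" and "File\Folder" labels so only the affected target remains.
_OUTCOMES = (
    (re.compile(r"^(?:Registry (?:key|value) )?(?P<target>.+?) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$"), "moved"),
    (re.compile(r"^(?:Registry (?:key|value) |File\\Folder |File )?(?P<target>.+?) not found\.$"), "not found"),
    (re.compile(r"^(?P<target>.+?) : value set successfully!$"), "value set"),
    (re.compile(r"^(?P<target>HOSTS file) reset successfully$"), "reset"),
)


def parse_fix_log(text):
    """Return [(section, outcome, target)] for every action line; other lines are skipped."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        for pattern, outcome in _OUTCOMES:
            m = pattern.match(line)
            if m:
                records.append((section, outcome, m.group("target")))
                break
    return records


def summarize(text):
    """Outcome counts, the items requested but absent, and the items moved to _OTL."""
    records = parse_fix_log(text)
    return {
        "counts": dict(Counter(outcome for _, outcome, _ in records)),
        "missing": [t for _, outcome, t in records if outcome == "not found"],
        "backed_up": [t for _, outcome, t in records if outcome == "moved"],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result["counts"])
    for target in result["missing"]:
        print("not present at fix time:", target)
```

"Not found" entries are worth a second look during triage: they mean the item listed in the fix script was already gone (or never existed under that name) when OTL ran, so they were not actually removed by this fix.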
23.09.2012, 19:22 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm for the TDSS tool!
Configure the tool as shown in the image below: click "change parameters" and set the checkmarks as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________
Please always post log files in CODE tags
24.09.2012, 11:34 | #21
Bundespolizei Trojaner
Code:
12:30:04.0312 1328 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:30:04.0375 1328 ============================================================
12:30:04.0375 1328 Current date / time: 2012/09/24 12:30:04.0375
12:30:04.0375 1328 SystemInfo:
12:30:04.0375 1328
12:30:04.0375 1328 OS Version: 5.1.2600 ServicePack: 3.0
12:30:04.0375 1328 Product type: Workstation
12:30:04.0375 1328 ComputerName: MARC-OBEN
12:30:04.0375 1328 UserName: Marc
12:30:04.0375 1328 Windows directory: C:\WINDOWS
12:30:04.0375 1328 System windows directory: C:\WINDOWS
12:30:04.0375 1328 Processor architecture: Intel x86
12:30:04.0375 1328 Number of processors: 2
12:30:04.0375 1328 Page size: 0x1000
12:30:04.0375 1328 Boot type: Normal boot
12:30:04.0375 1328 ============================================================
12:30:05.0968 1328 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:30:05.0968 1328 ============================================================
12:30:05.0968 1328 \Device\Harddisk0\DR0:
12:30:05.0968 1328 MBR partitions:
12:30:05.0968 1328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752
12:30:05.0984 1328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAFC67D0, BlocksNum 0x121F9EF0
12:30:05.0984 1328 ============================================================
12:30:06.0046 1328 D: <-> \Device\Harddisk0\DR0\Partition2
12:30:06.0078 1328 C: <-> \Device\Harddisk0\DR0\Partition1
12:30:06.0078 1328 ============================================================
12:30:06.0078 1328 Initialize success
12:30:06.0078 1328 ============================================================
12:30:46.0921 2288 ============================================================
12:30:46.0921 2288 Scan started
12:30:46.0921 2288 Mode: Manual; SigCheck; TDLFS;
12:30:46.0921 2288 ============================================================
C:\WINDOWS\System32\lmhsvc.dll 12:30:56.0921 2288 LmHosts - ok 12:30:56.0953 2288 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 12:30:56.0953 2288 MBAMProtector - ok 12:30:57.0015 2288 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 12:30:57.0031 2288 MBAMScheduler - ok 12:30:57.0093 2288 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 12:30:57.0140 2288 MBAMService - ok 12:30:57.0156 2288 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 12:30:57.0234 2288 Messenger - ok 12:30:57.0250 2288 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 12:30:57.0343 2288 mnmdd - ok 12:30:57.0375 2288 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 12:30:57.0437 2288 mnmsrvc - ok 12:30:57.0468 2288 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 12:30:57.0531 2288 Modem - ok 12:30:57.0578 2288 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 12:30:57.0625 2288 Monfilt - ok 12:30:57.0656 2288 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 12:30:57.0718 2288 Mouclass - ok 12:30:57.0734 2288 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 12:30:57.0828 2288 mouhid - ok 12:30:57.0843 2288 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 12:30:57.0921 2288 MountMgr - ok 12:30:57.0968 2288 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 12:30:57.0968 2288 MozillaMaintenance - ok 12:30:57.0968 2288 mraid35x - ok 12:30:57.0984 2288 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 12:30:58.0078 2288 MRxDAV - ok 12:30:58.0109 2288 [ 
0EA4D8ED179B75F8AFA7998BA22285CA ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 12:30:58.0156 2288 MRxSmb - ok 12:30:58.0281 2288 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 12:30:58.0359 2288 MSDTC - ok 12:30:58.0406 2288 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 12:30:58.0484 2288 Msfs - ok 12:30:58.0484 2288 MSICDSetup - ok 12:30:58.0500 2288 MSIServer - ok 12:30:58.0515 2288 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 12:30:58.0578 2288 MSKSSRV - ok 12:30:58.0609 2288 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 12:30:58.0703 2288 MSPCLOCK - ok 12:30:58.0718 2288 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 12:30:58.0796 2288 MSPQM - ok 12:30:58.0828 2288 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 12:30:58.0890 2288 mssmbios - ok 12:30:58.0906 2288 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 12:30:58.0968 2288 Mup - ok 12:30:59.0000 2288 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 12:30:59.0093 2288 napagent - ok 12:30:59.0109 2288 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 12:30:59.0203 2288 NDIS - ok 12:30:59.0234 2288 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12:30:59.0312 2288 NdisTapi - ok 12:30:59.0328 2288 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 12:30:59.0406 2288 Ndisuio - ok 12:30:59.0421 2288 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 12:30:59.0484 2288 NdisWan - ok 12:30:59.0515 2288 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 12:30:59.0531 2288 NDProxy - ok 12:30:59.0562 2288 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS 
C:\WINDOWS\system32\DRIVERS\netbios.sys 12:30:59.0625 2288 NetBIOS - ok 12:30:59.0656 2288 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 12:30:59.0734 2288 NetBT - ok 12:30:59.0765 2288 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 12:30:59.0843 2288 NetDDE - ok 12:30:59.0859 2288 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 12:30:59.0921 2288 NetDDEdsdm - ok 12:30:59.0937 2288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 12:31:00.0015 2288 Netlogon - ok 12:31:00.0046 2288 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 12:31:00.0125 2288 Netman - ok 12:31:00.0156 2288 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:31:00.0171 2288 NetTcpPortSharing - ok 12:31:00.0187 2288 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 12:31:00.0203 2288 Nla - ok 12:31:00.0265 2288 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess d:\Programme\CDBurnerXP\NMSAccessU.exe 12:31:00.0281 2288 NMSAccess - ok 12:31:00.0312 2288 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys 12:31:00.0312 2288 npf - ok 12:31:00.0343 2288 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 12:31:00.0406 2288 Npfs - ok 12:31:00.0421 2288 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 12:31:00.0515 2288 Ntfs - ok 12:31:00.0531 2288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 12:31:00.0593 2288 NtLmSsp - ok 12:31:00.0656 2288 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 12:31:00.0750 2288 NtmsSvc - ok 12:31:00.0765 2288 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 12:31:00.0843 2288 Null - ok 12:31:01.0078 2288 [ F1DE35C89D98A883D1B4030DC9896855 ] nv 
C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12:31:01.0640 2288 nv - ok 12:31:01.0656 2288 [ D875346596BD48D74AC9B9BE791B8D69 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 12:31:01.0687 2288 NVENETFD - ok 12:31:01.0703 2288 [ F02C1C5E84C37667ECD3EEA5958449BC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 12:31:01.0734 2288 nvnetbus - ok 12:31:01.0765 2288 [ E13944917CFB081EBB9A9CF3B151C42F ] nvsvc C:\WINDOWS\system32\nvsvc32.exe 12:31:01.0781 2288 nvsvc - ok 12:31:01.0796 2288 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 12:31:01.0875 2288 NwlnkFlt - ok 12:31:01.0890 2288 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 12:31:01.0984 2288 NwlnkFwd - ok 12:31:02.0250 2288 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 12:31:02.0312 2288 Parport - ok 12:31:02.0328 2288 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 12:31:02.0390 2288 PartMgr - ok 12:31:02.0421 2288 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 12:31:02.0500 2288 ParVdm - ok 12:31:02.0515 2288 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 12:31:02.0578 2288 PCI - ok 12:31:02.0593 2288 PCIDump - ok 12:31:02.0609 2288 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 12:31:02.0703 2288 PCIIde - ok 12:31:02.0750 2288 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 12:31:02.0812 2288 Pcmcia - ok 12:31:02.0812 2288 PDCOMP - ok 12:31:02.0812 2288 PDFRAME - ok 12:31:02.0828 2288 PDRELI - ok 12:31:02.0828 2288 PDRFRAME - ok 12:31:02.0843 2288 perc2 - ok 12:31:02.0843 2288 perc2hib - ok 12:31:02.0875 2288 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 12:31:02.0890 2288 PlugPlay - ok 12:31:02.0906 2288 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 
12:31:02.0921 2288 PnkBstrA - ok 12:31:02.0921 2288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 12:31:02.0984 2288 PolicyAgent - ok 12:31:03.0015 2288 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 12:31:03.0093 2288 PptpMiniport - ok 12:31:03.0093 2288 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 12:31:03.0171 2288 Processor - ok 12:31:03.0171 2288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 12:31:03.0234 2288 ProtectedStorage - ok 12:31:03.0265 2288 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 12:31:03.0328 2288 PSched - ok 12:31:03.0343 2288 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 12:31:03.0421 2288 Ptilink - ok 12:31:03.0437 2288 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 12:31:03.0453 2288 PxHelp20 - ok 12:31:03.0453 2288 ql1080 - ok 12:31:03.0453 2288 Ql10wnt - ok 12:31:03.0453 2288 ql12160 - ok 12:31:03.0468 2288 ql1240 - ok 12:31:03.0468 2288 ql1280 - ok 12:31:03.0515 2288 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 12:31:03.0593 2288 RasAcd - ok 12:31:03.0625 2288 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 12:31:03.0703 2288 RasAuto - ok 12:31:03.0718 2288 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 12:31:03.0796 2288 Rasl2tp - ok 12:31:03.0828 2288 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 12:31:03.0906 2288 RasMan - ok 12:31:03.0921 2288 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 12:31:03.0984 2288 RasPppoe - ok 12:31:04.0000 2288 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 12:31:04.0078 2288 Raspti - ok 12:31:04.0093 2288 [ 
7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 12:31:04.0156 2288 Rdbss - ok 12:31:04.0171 2288 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 12:31:04.0250 2288 RDPCDD - ok 12:31:04.0296 2288 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 12:31:04.0359 2288 RDPWD - ok 12:31:04.0390 2288 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 12:31:04.0468 2288 RDSessMgr - ok 12:31:04.0484 2288 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 12:31:04.0546 2288 redbook - ok 12:31:04.0578 2288 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 12:31:04.0671 2288 RemoteAccess - ok 12:31:04.0703 2288 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 12:31:04.0781 2288 RpcLocator - ok 12:31:04.0796 2288 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 12:31:04.0812 2288 RpcSs - ok 12:31:04.0859 2288 [ 31D003AF01A5AB25C16A9BFAE93EB272 ] RSShutdown C:\Programme\RichiStudios\Shutdown\service.exe 12:31:04.0875 2288 RSShutdown ( UnsignedFile.Multi.Generic ) - warning 12:31:04.0875 2288 RSShutdown - detected UnsignedFile.Multi.Generic (1) 12:31:04.0890 2288 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 12:31:04.0984 2288 RSVP - ok 12:31:05.0031 2288 [ 37E2DB92E8E25CD324E7D6FF0FE580FA ] RTCore32 C:\Programme\MSI Afterburner\RTCore32.sys 12:31:05.0031 2288 RTCore32 - ok 12:31:05.0046 2288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 12:31:05.0109 2288 SamSs - ok 12:31:05.0140 2288 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 12:31:05.0218 2288 SCardSvr - ok 12:31:05.0250 2288 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 12:31:05.0312 2288 Schedule - ok 12:31:05.0359 2288 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv 
C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:31:05.0421 2288 Secdrv - ok 12:31:05.0453 2288 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 12:31:05.0515 2288 seclogon - ok 12:31:05.0531 2288 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 12:31:05.0609 2288 SENS - ok 12:31:05.0625 2288 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 12:31:05.0703 2288 serenum - ok 12:31:05.0718 2288 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 12:31:05.0781 2288 Serial - ok 12:31:05.0812 2288 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 12:31:05.0875 2288 Sfloppy - ok 12:31:05.0906 2288 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 12:31:05.0984 2288 SharedAccess - ok 12:31:06.0015 2288 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 12:31:06.0031 2288 ShellHWDetection - ok 12:31:06.0031 2288 Simbad - ok 12:31:06.0046 2288 Sparrow - ok 12:31:06.0062 2288 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 12:31:06.0125 2288 splitter - ok 12:31:06.0140 2288 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 12:31:06.0171 2288 Spooler - ok 12:31:06.0187 2288 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 12:31:06.0265 2288 sr - ok 12:31:06.0281 2288 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 12:31:06.0359 2288 srservice - ok 12:31:06.0421 2288 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 12:31:06.0468 2288 Srv - ok 12:31:06.0500 2288 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 12:31:06.0578 2288 SSDPSRV - ok 12:31:06.0625 2288 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 12:31:06.0625 2288 ssmdrv - ok 12:31:06.0656 2288 [ 
E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 12:31:06.0671 2288 StarOpen ( UnsignedFile.Multi.Generic ) - warning 12:31:06.0671 2288 StarOpen - detected UnsignedFile.Multi.Generic (1) 12:31:06.0718 2288 Steam Client Service - ok 12:31:06.0796 2288 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 12:31:06.0875 2288 stisvc - ok 12:31:06.0890 2288 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 12:31:06.0968 2288 swenum - ok 12:31:06.0984 2288 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 12:31:07.0062 2288 swmidi - ok 12:31:07.0062 2288 SwPrv - ok 12:31:07.0078 2288 symc810 - ok 12:31:07.0078 2288 symc8xx - ok 12:31:07.0078 2288 sym_hi - ok 12:31:07.0093 2288 sym_u3 - ok 12:31:07.0093 2288 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 12:31:07.0156 2288 sysaudio - ok 12:31:07.0203 2288 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 12:31:07.0281 2288 SysmonLog - ok 12:31:07.0312 2288 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 12:31:07.0406 2288 TapiSrv - ok 12:31:07.0421 2288 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:31:07.0468 2288 Tcpip - ok 12:31:07.0500 2288 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 12:31:07.0562 2288 TDPIPE - ok 12:31:07.0562 2288 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 12:31:07.0640 2288 TDTCP - ok 12:31:07.0687 2288 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 12:31:07.0750 2288 TermDD - ok 12:31:07.0796 2288 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 12:31:07.0875 2288 TermService - ok 12:31:07.0890 2288 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 12:31:07.0890 2288 Themes 
- ok 12:31:07.0890 2288 TosIde - ok 12:31:07.0921 2288 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 12:31:08.0000 2288 TrkWks - ok 12:31:08.0046 2288 [ 7C1367BFF5587CF49C0ED2E664F6EAC0 ] TSMPacket C:\WINDOWS\system32\DRIVERS\tsmpkt.sys 12:31:08.0062 2288 TSMPacket ( UnsignedFile.Multi.Generic ) - warning 12:31:08.0062 2288 TSMPacket - detected UnsignedFile.Multi.Generic (1) 12:31:08.0078 2288 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 12:31:08.0156 2288 Udfs - ok 12:31:08.0156 2288 ultra - ok 12:31:08.0156 2288 ulxdoi - ok 12:31:08.0218 2288 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 12:31:08.0296 2288 Update - ok 12:31:08.0328 2288 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 12:31:08.0390 2288 upnphost - ok 12:31:08.0421 2288 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 12:31:08.0484 2288 UPS - ok 12:31:08.0500 2288 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 12:31:08.0578 2288 usbaudio - ok 12:31:08.0593 2288 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:31:08.0671 2288 usbccgp - ok 12:31:08.0687 2288 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 12:31:08.0750 2288 usbehci - ok 12:31:08.0765 2288 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:31:08.0843 2288 usbhub - ok 12:31:08.0843 2288 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 12:31:08.0921 2288 usbohci - ok 12:31:08.0953 2288 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:31:09.0031 2288 usbscan - ok 12:31:09.0062 2288 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:31:09.0140 2288 USBSTOR - ok 12:31:09.0156 2288 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave 
C:\WINDOWS\System32\drivers\vga.sys 12:31:09.0250 2288 VgaSave - ok 12:31:09.0250 2288 ViaIde - ok 12:31:09.0265 2288 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 12:31:09.0343 2288 VolSnap - ok 12:31:09.0359 2288 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 12:31:09.0437 2288 VSS - ok 12:31:09.0453 2288 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 12:31:09.0531 2288 W32Time - ok 12:31:09.0546 2288 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:31:09.0609 2288 Wanarp - ok 12:31:09.0609 2288 WDICA - ok 12:31:09.0640 2288 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 12:31:09.0718 2288 wdmaud - ok 12:31:09.0750 2288 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 12:31:09.0828 2288 WebClient - ok 12:31:09.0875 2288 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 12:31:09.0953 2288 winmgmt - ok 12:31:10.0000 2288 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 12:31:10.0015 2288 WmdmPmSN - ok 12:31:10.0031 2288 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12:31:10.0093 2288 WmiAcpi - ok 12:31:10.0125 2288 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 12:31:10.0203 2288 WmiApSrv - ok 12:31:10.0250 2288 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 12:31:10.0281 2288 WMPNetworkSvc - ok 12:31:10.0328 2288 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 12:31:10.0343 2288 WpdUsb - ok 12:31:10.0406 2288 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:31:10.0437 2288 WPFFontCache_v0400 - ok 12:31:10.0468 2288 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc 
C:\WINDOWS\system32\wscsvc.dll
12:31:10.0546 2288 wscsvc - ok
12:31:10.0578 2288 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:31:10.0656 2288 wuauserv - ok
12:31:10.0718 2288 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:31:10.0750 2288 WudfPf - ok
12:31:10.0765 2288 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:31:10.0781 2288 WudfRd - ok
12:31:10.0796 2288 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:31:10.0812 2288 WudfSvc - ok
12:31:10.0843 2288 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:31:10.0937 2288 WZCSVC - ok
12:31:10.0968 2288 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:31:11.0078 2288 xmlprov - ok
12:31:11.0078 2288 ================ Scan global ===============================
12:31:11.0109 2288 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
12:31:11.0156 2288 [ E9B93B97B1A2965144361F4FD8BD2BEF ] C:\WINDOWS\system32\winsrv.dll
12:31:11.0171 2288 [ E9B93B97B1A2965144361F4FD8BD2BEF ] C:\WINDOWS\system32\winsrv.dll
12:31:11.0187 2288 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
12:31:11.0187 2288 [Global] - ok
12:31:11.0187 2288 ================ Scan MBR ==================================
12:31:11.0203 2288 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
12:31:11.0265 2288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
12:31:11.0265 2288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
12:31:11.0328 2288 ================ Scan VBR ==================================
12:31:11.0343 2288 [ C8D7B99A2DC7262BB12A81DE1D8F36B4 ] \Device\Harddisk0\DR0\Partition1
12:31:11.0343 2288 \Device\Harddisk0\DR0\Partition1 - ok
12:31:11.0359 2288 [ 20536B127602997D5B66EAE209D289A1 ] \Device\Harddisk0\DR0\Partition2
12:31:11.0375 2288 \Device\Harddisk0\DR0\Partition2 - ok
12:31:11.0375 2288 ============================================================
12:31:11.0375 2288 Scan finished
12:31:11.0375 2288 ============================================================
12:31:11.0484 2276 Detected object count: 4
12:31:11.0484 2276 Actual detected object count: 4
12:31:43.0000 2276 RSShutdown ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:43.0000 2276 RSShutdown ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:43.0000 2276 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:43.0000 2276 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:43.0000 2276 TSMPacket ( UnsignedFile.Multi.Generic ) - skipped by user
12:31:43.0000 2276 TSMPacket ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:31:43.0015 2276 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
12:31:43.0015 2276 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip |
24.09.2012, 18:13 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Code:
ATTFilter \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b )
Then restart Windows and make another completely new log with TDSS-Killer. As always, post it in CODE tags.
__________________ Please always post logfiles in CODE tags |
24.09.2012, 18:22 | #23 |
| Bundespolizei Trojaner Code:
ATTFilter 19:18:43.0406 2396 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:18:43.0812 2396 ============================================================
19:18:43.0812 2396 Current date / time: 2012/09/24 19:18:43.0812
19:18:43.0812 2396 SystemInfo:
19:18:43.0812 2396
19:18:43.0812 2396 OS Version: 5.1.2600 ServicePack: 3.0
19:18:43.0812 2396 Product type: Workstation
19:18:43.0812 2396 ComputerName: MARC-OBEN
19:18:43.0812 2396 UserName: Marc
19:18:43.0812 2396 Windows directory: C:\WINDOWS
19:18:43.0812 2396 System windows directory: C:\WINDOWS
19:18:43.0812 2396 Processor architecture: Intel x86
19:18:43.0812 2396 Number of processors: 2
19:18:43.0812 2396 Page size: 0x1000
19:18:43.0812 2396 Boot type: Normal boot
19:18:43.0812 2396 ============================================================
19:18:46.0359 2396 BG loaded
19:18:48.0109 2396 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:18:48.0109 2396 ============================================================
19:18:48.0109 2396 \Device\Harddisk0\DR0:
19:18:48.0109 2396 MBR partitions:
19:18:48.0109 2396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752
19:18:48.0125 2396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAFC67D0, BlocksNum 0x121F9EF0
19:18:48.0125 2396 ============================================================
19:18:48.0203 2396 D: <-> \Device\Harddisk0\DR0\Partition2
19:18:48.0421 2396 C: <-> \Device\Harddisk0\DR0\Partition1
19:18:48.0546 2396 ============================================================
19:18:48.0546 2396 Initialize success
19:18:48.0546 2396 ============================================================
19:19:35.0828 3376 ============================================================
19:19:35.0828 3376 Scan started
19:19:35.0828 3376 Mode: Manual; SigCheck; TDLFS;
19:19:35.0828 3376
============================================================
19:19:36.0843 3376 ================ Scan system memory ========================
19:19:36.0843 3376 System memory - ok
19:19:36.0843 3376 ================ Scan services =============================
FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 19:19:46.0000 3376 FastUserSwitchingCompatibility - ok 19:19:46.0015 3376 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 19:19:46.0078 3376 Fdc - ok 19:19:46.0093 3376 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 19:19:46.0171 3376 Fips - ok 19:19:46.0203 3376 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 19:19:46.0281 3376 Flpydisk - ok 19:19:46.0312 3376 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 19:19:46.0390 3376 FltMgr - ok 19:19:46.0437 3376 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 19:19:46.0453 3376 FontCache3.0.0.0 - ok 19:19:46.0468 3376 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 19:19:46.0546 3376 Fs_Rec - ok 19:19:46.0562 3376 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 19:19:46.0656 3376 Ftdisk - ok 19:19:46.0671 3376 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 19:19:46.0781 3376 Gpc - ok 19:19:46.0796 3376 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 19:19:46.0859 3376 HDAudBus - ok 19:19:46.0921 3376 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 19:19:47.0000 3376 helpsvc - ok 19:19:47.0015 3376 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 19:19:47.0078 3376 HidServ - ok 19:19:47.0093 3376 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 19:19:47.0171 3376 hidusb - ok 19:19:47.0234 3376 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 19:19:47.0312 3376 hkmsvc - ok 19:19:47.0312 3376 hpn - ok 19:19:47.0343 3376 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP 
C:\WINDOWS\system32\Drivers\HTTP.sys 19:19:47.0375 3376 HTTP - ok 19:19:47.0390 3376 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 19:19:47.0468 3376 HTTPFilter - ok 19:19:47.0468 3376 i2omgmt - ok 19:19:47.0468 3376 i2omp - ok 19:19:47.0531 3376 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 19:19:47.0593 3376 i8042prt - ok 19:19:47.0671 3376 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:19:47.0703 3376 idsvc - ok 19:19:47.0703 3376 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 19:19:47.0796 3376 Imapi - ok 19:19:47.0828 3376 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 19:19:47.0906 3376 ImapiService - ok 19:19:47.0906 3376 ini910u - ok 19:19:48.0046 3376 [ 4716F7EE8FB7FD02596ECE1EC70AFF53 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 19:19:48.0234 3376 IntcAzAudAddService - ok 19:19:48.0234 3376 IntelIde - ok 19:19:48.0265 3376 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 19:19:48.0343 3376 Ip6Fw - ok 19:19:48.0359 3376 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 19:19:48.0453 3376 IpFilterDriver - ok 19:19:48.0453 3376 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 19:19:48.0515 3376 IpInIp - ok 19:19:48.0515 3376 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 19:19:48.0593 3376 IpNat - ok 19:19:48.0625 3376 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 19:19:48.0687 3376 IPSec - ok 19:19:48.0703 3376 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 19:19:48.0781 3376 IRENUM - ok 19:19:48.0796 3376 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 19:19:48.0859 3376 
isapnp - ok 19:19:48.0906 3376 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe 19:19:48.0921 3376 JavaQuickStarterService - ok 19:19:48.0937 3376 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 19:19:49.0000 3376 Kbdclass - ok 19:19:49.0031 3376 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 19:19:49.0093 3376 kbdhid - ok 19:19:49.0125 3376 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 19:19:49.0187 3376 kmixer - ok 19:19:49.0218 3376 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 19:19:49.0250 3376 KSecDD - ok 19:19:49.0281 3376 [ F824476E660DD910E627615C700D2BEC ] LADF_CaptureOnly C:\WINDOWS\system32\DRIVERS\ladfGSCi386.sys 19:19:49.0296 3376 LADF_CaptureOnly - ok 19:19:49.0328 3376 [ AB62392549FF7EEEC3506F6B0030D75C ] LADF_DHP2 C:\WINDOWS\system32\DRIVERS\ladfDHP2i386.sys 19:19:49.0328 3376 LADF_DHP2 - ok 19:19:49.0359 3376 [ 36A5647162101C3497B821FD368EF736 ] LADF_RenderOnly C:\WINDOWS\system32\DRIVERS\ladfGSRi386.sys 19:19:49.0359 3376 LADF_RenderOnly - ok 19:19:49.0375 3376 [ 61A7ADEC7C4B11548CB2C8B2FBB0A498 ] LADF_SBVM C:\WINDOWS\system32\DRIVERS\ladfSBVMi386.sys 19:19:49.0390 3376 LADF_SBVM - ok 19:19:49.0406 3376 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 19:19:49.0453 3376 lanmanserver - ok 19:19:49.0484 3376 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 19:19:49.0515 3376 lanmanworkstation - ok 19:19:49.0515 3376 lbrtfdc - ok 19:19:49.0531 3376 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys 19:19:49.0546 3376 LGBusEnum - ok 19:19:49.0578 3376 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys 19:19:49.0578 3376 LGVirHid - ok 19:19:49.0625 3376 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts 
C:\WINDOWS\System32\lmhsvc.dll 19:19:49.0687 3376 LmHosts - ok 19:19:49.0718 3376 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 19:19:49.0718 3376 MBAMProtector - ok 19:19:49.0781 3376 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:19:49.0781 3376 MBAMScheduler - ok 19:19:49.0828 3376 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 19:19:49.0859 3376 MBAMService - ok 19:19:49.0890 3376 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 19:19:49.0968 3376 Messenger - ok 19:19:49.0984 3376 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 19:19:50.0078 3376 mnmdd - ok 19:19:50.0156 3376 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 19:19:50.0218 3376 mnmsrvc - ok 19:19:50.0250 3376 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 19:19:50.0312 3376 Modem - ok 19:19:50.0343 3376 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 19:19:50.0406 3376 Monfilt - ok 19:19:50.0437 3376 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 19:19:50.0515 3376 Mouclass - ok 19:19:50.0515 3376 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 19:19:50.0609 3376 mouhid - ok 19:19:50.0625 3376 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 19:19:50.0703 3376 MountMgr - ok 19:19:50.0781 3376 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 19:19:50.0796 3376 MozillaMaintenance - ok 19:19:50.0796 3376 mraid35x - ok 19:19:50.0812 3376 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 19:19:50.0890 3376 MRxDAV - ok 19:19:50.0921 3376 [ 
0EA4D8ED179B75F8AFA7998BA22285CA ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 19:19:50.0968 3376 MRxSmb - ok 19:19:50.0984 3376 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 19:19:51.0046 3376 MSDTC - ok 19:19:51.0062 3376 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 19:19:51.0140 3376 Msfs - ok 19:19:51.0140 3376 MSICDSetup - ok 19:19:51.0140 3376 MSIServer - ok 19:19:51.0171 3376 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 19:19:51.0234 3376 MSKSSRV - ok 19:19:51.0265 3376 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 19:19:51.0328 3376 MSPCLOCK - ok 19:19:51.0343 3376 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 19:19:51.0421 3376 MSPQM - ok 19:19:51.0453 3376 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 19:19:51.0515 3376 mssmbios - ok 19:19:51.0546 3376 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 19:19:51.0609 3376 Mup - ok 19:19:51.0640 3376 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 19:19:51.0718 3376 napagent - ok 19:19:51.0734 3376 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 19:19:51.0828 3376 NDIS - ok 19:19:51.0859 3376 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 19:19:51.0968 3376 NdisTapi - ok 19:19:51.0984 3376 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 19:19:52.0046 3376 Ndisuio - ok 19:19:52.0062 3376 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 19:19:52.0125 3376 NdisWan - ok 19:19:52.0140 3376 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 19:19:52.0171 3376 NDProxy - ok 19:19:52.0187 3376 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS 
C:\WINDOWS\system32\DRIVERS\netbios.sys 19:19:52.0265 3376 NetBIOS - ok 19:19:52.0265 3376 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 19:19:52.0328 3376 NetBT - ok 19:19:52.0375 3376 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 19:19:52.0453 3376 NetDDE - ok 19:19:52.0453 3376 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 19:19:52.0515 3376 NetDDEdsdm - ok 19:19:52.0546 3376 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 19:19:52.0640 3376 Netlogon - ok 19:19:52.0656 3376 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 19:19:52.0718 3376 Netman - ok 19:19:52.0750 3376 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:19:52.0765 3376 NetTcpPortSharing - ok 19:19:52.0781 3376 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 19:19:52.0796 3376 Nla - ok 19:19:52.0859 3376 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess d:\Programme\CDBurnerXP\NMSAccessU.exe 19:19:52.0875 3376 NMSAccess - ok 19:19:52.0906 3376 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys 19:19:52.0906 3376 npf - ok 19:19:52.0937 3376 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 19:19:53.0000 3376 Npfs - ok 19:19:53.0015 3376 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 19:19:53.0109 3376 Ntfs - ok 19:19:53.0140 3376 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 19:19:53.0203 3376 NtLmSsp - ok 19:19:53.0281 3376 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 19:19:53.0375 3376 NtmsSvc - ok 19:19:53.0406 3376 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 19:19:53.0484 3376 Null - ok 19:19:53.0718 3376 [ F1DE35C89D98A883D1B4030DC9896855 ] nv 
C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 19:19:54.0234 3376 nv - ok 19:19:54.0250 3376 [ D875346596BD48D74AC9B9BE791B8D69 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 19:19:54.0281 3376 NVENETFD - ok 19:19:54.0328 3376 [ F02C1C5E84C37667ECD3EEA5958449BC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 19:19:54.0343 3376 nvnetbus - ok 19:19:54.0375 3376 [ E13944917CFB081EBB9A9CF3B151C42F ] nvsvc C:\WINDOWS\system32\nvsvc32.exe 19:19:54.0375 3376 nvsvc - ok 19:19:54.0406 3376 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 19:19:54.0484 3376 NwlnkFlt - ok 19:19:54.0500 3376 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 19:19:54.0578 3376 NwlnkFwd - ok 19:19:54.0609 3376 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 19:19:54.0671 3376 Parport - ok 19:19:54.0734 3376 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 19:19:54.0796 3376 PartMgr - ok 19:19:54.0828 3376 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 19:19:54.0906 3376 ParVdm - ok 19:19:54.0906 3376 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 19:19:54.0984 3376 PCI - ok 19:19:54.0984 3376 PCIDump - ok 19:19:54.0984 3376 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 19:19:55.0078 3376 PCIIde - ok 19:19:55.0109 3376 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 19:19:55.0171 3376 Pcmcia - ok 19:19:55.0171 3376 PDCOMP - ok 19:19:55.0187 3376 PDFRAME - ok 19:19:55.0187 3376 PDRELI - ok 19:19:55.0187 3376 PDRFRAME - ok 19:19:55.0203 3376 perc2 - ok 19:19:55.0203 3376 perc2hib - ok 19:19:55.0234 3376 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 19:19:55.0250 3376 PlugPlay - ok 19:19:55.0281 3376 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe 
19:19:55.0281 3376 PnkBstrA - ok 19:19:55.0281 3376 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 19:19:55.0343 3376 PolicyAgent - ok 19:19:55.0375 3376 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 19:19:55.0437 3376 PptpMiniport - ok 19:19:55.0453 3376 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 19:19:55.0515 3376 Processor - ok 19:19:55.0531 3376 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 19:19:55.0593 3376 ProtectedStorage - ok 19:19:55.0609 3376 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 19:19:55.0687 3376 PSched - ok 19:19:55.0703 3376 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 19:19:55.0781 3376 Ptilink - ok 19:19:55.0796 3376 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 19:19:55.0812 3376 PxHelp20 - ok 19:19:55.0812 3376 ql1080 - ok 19:19:55.0812 3376 Ql10wnt - ok 19:19:55.0828 3376 ql12160 - ok 19:19:55.0828 3376 ql1240 - ok 19:19:55.0828 3376 ql1280 - ok 19:19:55.0859 3376 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 19:19:55.0937 3376 RasAcd - ok 19:19:55.0968 3376 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 19:19:56.0046 3376 RasAuto - ok 19:19:56.0062 3376 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 19:19:56.0140 3376 Rasl2tp - ok 19:19:56.0171 3376 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 19:19:56.0234 3376 RasMan - ok 19:19:56.0250 3376 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 19:19:56.0312 3376 RasPppoe - ok 19:19:56.0328 3376 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 19:19:56.0406 3376 Raspti - ok 19:19:56.0406 3376 [ 
7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 19:19:56.0484 3376 Rdbss - ok 19:19:56.0500 3376 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 19:19:56.0578 3376 RDPCDD - ok 19:19:56.0625 3376 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 19:19:56.0687 3376 RDPWD - ok 19:19:56.0734 3376 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 19:19:56.0796 3376 RDSessMgr - ok 19:19:56.0812 3376 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 19:19:56.0890 3376 redbook - ok 19:19:56.0921 3376 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 19:19:57.0015 3376 RemoteAccess - ok 19:19:57.0031 3376 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 19:19:57.0109 3376 RpcLocator - ok 19:19:57.0140 3376 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 19:19:57.0156 3376 RpcSs - ok 19:19:57.0203 3376 [ 31D003AF01A5AB25C16A9BFAE93EB272 ] RSShutdown C:\Programme\RichiStudios\Shutdown\service.exe 19:19:57.0203 3376 RSShutdown ( UnsignedFile.Multi.Generic ) - warning 19:19:57.0203 3376 RSShutdown - detected UnsignedFile.Multi.Generic (1) 19:19:57.0234 3376 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 19:19:57.0312 3376 RSVP - ok 19:19:57.0359 3376 [ 37E2DB92E8E25CD324E7D6FF0FE580FA ] RTCore32 C:\Programme\MSI Afterburner\RTCore32.sys 19:19:57.0359 3376 RTCore32 - ok 19:19:57.0375 3376 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 19:19:57.0437 3376 SamSs - ok 19:19:57.0468 3376 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 19:19:57.0546 3376 SCardSvr - ok 19:19:57.0593 3376 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 19:19:57.0656 3376 Schedule - ok 19:19:57.0687 3376 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv 
C:\WINDOWS\system32\DRIVERS\secdrv.sys 19:19:57.0750 3376 Secdrv - ok 19:19:57.0781 3376 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 19:19:57.0843 3376 seclogon - ok 19:19:57.0859 3376 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 19:19:57.0937 3376 SENS - ok 19:19:57.0953 3376 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 19:19:58.0015 3376 serenum - ok 19:19:58.0031 3376 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 19:19:58.0093 3376 Serial - ok 19:19:58.0125 3376 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 19:19:58.0203 3376 Sfloppy - ok 19:19:58.0234 3376 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 19:19:58.0312 3376 SharedAccess - ok 19:19:58.0328 3376 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 19:19:58.0343 3376 ShellHWDetection - ok 19:19:58.0343 3376 Simbad - ok 19:19:58.0359 3376 Sparrow - ok 19:19:58.0359 3376 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 19:19:58.0421 3376 splitter - ok 19:19:58.0453 3376 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 19:19:58.0468 3376 Spooler - ok 19:19:58.0515 3376 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 19:19:58.0578 3376 sr - ok 19:19:58.0609 3376 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 19:19:58.0671 3376 srservice - ok 19:19:58.0703 3376 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 19:19:58.0765 3376 Srv - ok 19:19:58.0796 3376 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 19:19:58.0875 3376 SSDPSRV - ok 19:19:58.0890 3376 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 19:19:58.0890 3376 ssmdrv - ok 19:19:58.0921 3376 [ 
E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys 19:19:58.0921 3376 StarOpen ( UnsignedFile.Multi.Generic ) - warning 19:19:58.0921 3376 StarOpen - detected UnsignedFile.Multi.Generic (1) 19:19:58.0968 3376 Steam Client Service - ok 19:19:59.0000 3376 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 19:19:59.0062 3376 stisvc - ok 19:19:59.0078 3376 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 19:19:59.0156 3376 swenum - ok 19:19:59.0156 3376 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 19:19:59.0234 3376 swmidi - ok 19:19:59.0234 3376 SwPrv - ok 19:19:59.0250 3376 symc810 - ok 19:19:59.0250 3376 symc8xx - ok 19:19:59.0250 3376 sym_hi - ok 19:19:59.0265 3376 sym_u3 - ok 19:19:59.0265 3376 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 19:19:59.0328 3376 sysaudio - ok 19:19:59.0359 3376 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 19:19:59.0437 3376 SysmonLog - ok 19:19:59.0468 3376 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 19:19:59.0531 3376 TapiSrv - ok 19:19:59.0562 3376 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 19:19:59.0593 3376 Tcpip - ok 19:19:59.0625 3376 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 19:19:59.0687 3376 TDPIPE - ok 19:19:59.0703 3376 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 19:19:59.0781 3376 TDTCP - ok 19:19:59.0812 3376 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 19:19:59.0875 3376 TermDD - ok 19:19:59.0906 3376 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 19:19:59.0968 3376 TermService - ok 19:20:00.0000 3376 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 19:20:00.0000 3376 Themes 
- ok 19:20:00.0000 3376 TosIde - ok 19:20:00.0031 3376 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 19:20:00.0093 3376 TrkWks - ok 19:20:00.0125 3376 [ 7C1367BFF5587CF49C0ED2E664F6EAC0 ] TSMPacket C:\WINDOWS\system32\DRIVERS\tsmpkt.sys 19:20:00.0140 3376 TSMPacket ( UnsignedFile.Multi.Generic ) - warning 19:20:00.0140 3376 TSMPacket - detected UnsignedFile.Multi.Generic (1) 19:20:00.0156 3376 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 19:20:00.0218 3376 Udfs - ok 19:20:00.0218 3376 ultra - ok 19:20:00.0234 3376 ulxdoi - ok 19:20:00.0265 3376 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 19:20:00.0343 3376 Update - ok 19:20:00.0375 3376 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 19:20:00.0453 3376 upnphost - ok 19:20:00.0468 3376 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 19:20:00.0531 3376 UPS - ok 19:20:00.0546 3376 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 19:20:00.0625 3376 usbaudio - ok 19:20:00.0625 3376 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 19:20:00.0703 3376 usbccgp - ok 19:20:00.0718 3376 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 19:20:00.0781 3376 usbehci - ok 19:20:00.0812 3376 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 19:20:00.0875 3376 usbhub - ok 19:20:00.0890 3376 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 19:20:00.0953 3376 usbohci - ok 19:20:01.0000 3376 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 19:20:01.0062 3376 usbscan - ok 19:20:01.0093 3376 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 19:20:01.0171 3376 USBSTOR - ok 19:20:01.0187 3376 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave 
C:\WINDOWS\System32\drivers\vga.sys 19:20:01.0265 3376 VgaSave - ok 19:20:01.0265 3376 ViaIde - ok 19:20:01.0281 3376 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 19:20:01.0343 3376 VolSnap - ok 19:20:01.0375 3376 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 19:20:01.0437 3376 VSS - ok 19:20:01.0453 3376 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 19:20:01.0531 3376 W32Time - ok 19:20:01.0546 3376 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 19:20:01.0625 3376 Wanarp - ok 19:20:01.0625 3376 WDICA - ok 19:20:01.0656 3376 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 19:20:01.0718 3376 wdmaud - ok 19:20:01.0734 3376 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 19:20:01.0828 3376 WebClient - ok 19:20:01.0875 3376 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 19:20:01.0953 3376 winmgmt - ok 19:20:01.0984 3376 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 19:20:01.0984 3376 WmdmPmSN - ok 19:20:02.0015 3376 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 19:20:02.0078 3376 WmiAcpi - ok 19:20:02.0109 3376 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 19:20:02.0171 3376 WmiApSrv - ok 19:20:02.0218 3376 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 19:20:02.0250 3376 WMPNetworkSvc - ok 19:20:02.0296 3376 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 19:20:02.0312 3376 WpdUsb - ok 19:20:02.0375 3376 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:20:02.0406 3376 WPFFontCache_v0400 - ok 19:20:02.0468 3376 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc 
C:\WINDOWS\system32\wscsvc.dll 19:20:02.0546 3376 wscsvc - ok 19:20:02.0562 3376 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 19:20:02.0640 3376 wuauserv - ok 19:20:02.0687 3376 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 19:20:02.0703 3376 WudfPf - ok 19:20:02.0718 3376 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 19:20:02.0734 3376 WudfRd - ok 19:20:02.0750 3376 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 19:20:02.0765 3376 WudfSvc - ok 19:20:02.0812 3376 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 19:20:02.0890 3376 WZCSVC - ok 19:20:02.0937 3376 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 19:20:03.0046 3376 xmlprov - ok 19:20:03.0046 3376 ================ Scan global =============================== 19:20:03.0078 3376 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 19:20:03.0093 3376 [ E9B93B97B1A2965144361F4FD8BD2BEF ] C:\WINDOWS\system32\winsrv.dll 19:20:03.0109 3376 [ E9B93B97B1A2965144361F4FD8BD2BEF ] C:\WINDOWS\system32\winsrv.dll 19:20:03.0125 3376 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 19:20:03.0125 3376 [Global] - ok 19:20:03.0125 3376 ================ Scan MBR ================================== 19:20:03.0156 3376 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 19:20:03.0375 3376 \Device\Harddisk0\DR0 - ok 19:20:03.0375 3376 ================ Scan VBR ================================== 19:20:03.0390 3376 [ C8D7B99A2DC7262BB12A81DE1D8F36B4 ] \Device\Harddisk0\DR0\Partition1 19:20:03.0390 3376 \Device\Harddisk0\DR0\Partition1 - ok 19:20:03.0406 3376 [ 20536B127602997D5B66EAE209D289A1 ] \Device\Harddisk0\DR0\Partition2 19:20:03.0406 3376 \Device\Harddisk0\DR0\Partition2 - ok 19:20:03.0406 3376 ============================================================ 19:20:03.0406 3376 Scan finished 
19:20:03.0406 3376 ============================================================
19:20:03.0515 3372 Detected object count: 3
19:20:03.0515 3372 Actual detected object count: 3
19:20:17.0859 3372 RSShutdown ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:17.0859 3372 RSShutdown ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:20:17.0859 3372 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:17.0859 3372 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:20:17.0875 3372 TSMPacket ( UnsignedFile.Multi.Generic ) - skipped by user
19:20:17.0875 3372 TSMPacket ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
24.09.2012, 20:36 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Now please run CF: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags |
25.09.2012, 15:27 | #25 |
| Bundespolizei Trojaner
ComboFix logfile:
Code:
ComboFix 12-09-24.03 - Marc 25.09.2012 16:20:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1341 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Marc\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\IsUn0407.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\ladfGSRCoinst_i386.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-25 bis 2012-09-25 ))))))))))))))))))))))))))))))
.
.
2012-09-24 17:17 . 2012-09-24 17:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 17:47 . 2012-09-23 17:47 -------- d--h--w- c:\windows\PIF
2012-09-23 07:52 . 2012-09-23 07:52 -------- d-----w- C:\_OTL
2012-09-18 17:09 . 2012-09-18 17:09 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2012-09-17 15:08 . 2012-09-17 15:08 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\VDownloader
2012-09-17 15:08 . 2012-09-17 15:08 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\VDownloader
2012-09-16 14:45 . 2012-09-16 14:45 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Avira
2012-09-16 14:44 . 2012-09-16 14:44 -------- d-----w- c:\programme\ESET
2012-09-14 17:22 . 2012-09-14 18:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-09-14 16:20 . 2012-09-14 16:20 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Winamp
2012-09-14 16:19 . 2012-09-14 16:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Temp
2012-09-14 16:19 . 2012-09-14 16:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-09-14 15:16 . 2012-09-23 16:58 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2012-08-31 15:35 . 2012-08-31 15:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 11:39 . 2012-04-01 10:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-09 11:39 . 2011-05-16 11:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-02-23 12:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 15:01 . 2012-08-25 15:01 249856 ------w- c:\windows\Setup1.exe
2012-08-25 15:01 . 2012-08-25 15:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-09-16 14:12 . 2011-11-29 18:04 3623592 ----a-w- c:\programme\Gemeinsame Dateien\ApnToolbarInstaller.exe
2011-09-16 14:12 . 2011-11-29 18:04 143240 ----a-w- c:\programme\Gemeinsame Dateien\ApnStub.exe
2010-01-26 09:11 . 2011-07-02 10:59 444283 ----a-w- c:\programme\Gemeinsame Dateien\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Launch LCore"="c:\programme\Logitech Gaming Software\LCore.exe" [2011-12-07 4375320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Marc\Startmenü\Programme\Autostart\
CurseClientStartup.ccip [2012-8-31 0]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Marc^Startmenü^Programme^Autostart^CurseClientStartup.ccip]
path=c:\dokumente und einstellungen\Marc\Startmenü\Programme\Autostart\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Marc^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk]
path=c:\dokumente und einstellungen\Marc\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52 1695232 ------w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSShutdown]
2004-06-24 15:16 20480 ----a-w- c:\programme\RichiStudios\Shutdown\Autostart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-06-11 10:27 98304 ----a-w- c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-14 14:35 1353080 ----a-w- d:\programme\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader]
2012-04-26 15:19 879616 ----a-w- d:\programme\VDownloader\VDownloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 18:05 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Steam Client Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"ImapiService"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Dokumente und Einstellungen\\Marc\\Eigene Dateien\\Downloads\\teamspeak3-server_win32-3.0.0-rc1\\teamspeak3-server_win32\\ts3server_win32.exe"=
"d:\\Programme\\EA Games\\Command & Conquer Die ersten 10 Jahre\\Command & Conquer Red Alert(tm) II\\AR2\\gamemd.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\xcom ufo defense\\dosbox.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\x-com terror from the deep\\runme.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"d:\\Programme\\Atari\\Act of War - Direct Action\\ACTOFWAR.EXE"=
"d:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Dokumente und Einstellungen\\Marc\\Lokale Einstellungen\\Apps\\2.0\\3XY5LNJC.R7Z\\EZC3GQMY.JHX\\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\\CurseClient.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.07.2011 12:16 136360]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [14.09.2012 17:36 399432]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.01.2010 04:09 50704]
R2 RSShutdown;RichiStudios Shutdown;c:\programme\RichiStudios\Shutdown\Service.exe [20.06.2004 19:42 45056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [27.05.2011 16:44 101904]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\drivers\ladfGSCi386.sys [09.05.2012 13:14 378568]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\drivers\ladfGSRi386.sys [09.05.2012 13:14 317384]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [09.05.2012 13:14 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [09.05.2012 13:14 14856]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [23.02.2012 14:35 676936]
S2 ulxdoi;ulxdoi;\??\c:\windows\SYSTEM32\DRIVERS\ulxdoi.sys --> c:\windows\SYSTEM32\DRIVERS\ulxdoi.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01.04.2012 12:03 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.05.2011 11:07 1691480]
S3 cpuz130;cpuz130;\??\c:\dokume~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [15.04.2012 11:44 53976]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [15.04.2012 11:44 335064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.02.2012 14:35 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [09.05.2012 15:25 113120]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 RTCore32;RTCore32;c:\programme\MSI Afterburner\RTCore32.sys [31.08.2010 05:04 12088]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [23.08.2011 20:00 13824]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{991425D3-C670-4C5F-9A54-886648A24C0E}: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\yhusp7mv.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-mxxhfszcgvnupip - c:\windows\mxxhfszc.exe
SafeBoot-69690466.sys
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
AddRemove-UnityWebPlayer - c:\dokumente und einstellungen\Marc\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-25 16:23
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Zeit der Fertigstellung: 2012-09-25 16:24:15
ComboFix-quarantined-files.txt 2012-09-25 14:24
.
Vor Suchlauf: 9.346.695.168 Bytes frei
Nach Suchlauf: 9.307.934.720 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 56F7B8350632508768341E04764CF27F
|
25.09.2012, 18:24 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
File::
c:\windows\SYSTEM32\DRIVERS\ulxdoi.sys

Driver::
ulxdoi
4. Disable the guard of your antivirus program and any software firewall that may be installed. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags |
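As an added example (not code from this thread, from ComboFix, or from the helper), this is the triage the helper did by eye on the ComboFix driver/service list: parse the R/S lines and rank them by the signals that single out the ulxdoi entry, an auto-start driver whose binary ComboFix could not find. The sample lines are a constructed subset in the log's format, and the weights are my own heuristic, not a ComboFix rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few ComboFix driver/service lines in the layout the
# thread's log uses (state letter, start-type digit, name;display;path [info]).
SAMPLE_LOG = r"""
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.07.2011 12:16 136360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.01.2010 04:09 50704]
S2 ulxdoi;ulxdoi;\??\c:\windows\SYSTEM32\DRIVERS\ulxdoi.sys --> c:\windows\SYSTEM32\DRIVERS\ulxdoi.sys [?]
S3 cpuz130;cpuz130;\??\c:\dokume~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [23.08.2011 20:00 13824]
"""

# R = running, S = stopped; the digit is the start type (2 = auto, 3 = manual).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    path: str            # image path as registered (may carry the \??\ prefix)
    file_info: str       # "[date time size]" or "[?]" when ComboFix found no file
    reasons: list = field(default_factory=list)
    score: int = 0


def parse_entry(line):
    """Parse one ComboFix R/S line; returns None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    info_idx = rest.rfind(" [")
    if info_idx < 0:
        path, file_info = rest, ""
    else:
        path, file_info = rest[:info_idx], rest[info_idx + 1:]
    # "raw --> resolved": keep the raw path exactly as the registry holds it.
    if " --> " in path:
        path = path.split(" --> ", 1)[0]
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        m.group("display"), path, file_info)


def score_entry(e):
    """Heuristic weights (my assumption, not a ComboFix rule); higher = look closer."""
    if e.file_info == "[?]":
        e.reasons.append("binary missing or unreadable (ComboFix shows [?])")
        e.score += 2
        if e.start == 2:
            # Auto-start drivers with no file left behind are the classic
            # remnant of a removed infection; manual-start leftovers are common.
            e.reasons.append("auto-start entry whose file is gone")
            e.score += 3
    if e.path.startswith("\\??\\"):
        e.reasons.append("registered with raw NT path prefix \\??\\")
        e.score += 1
    if "\\temp\\" in e.path.lower():
        e.reasons.append("image lives in a Temp directory")
        e.score += 1
    if e.display == e.name:
        e.reasons.append("no descriptive display name")
        e.score += 1
    return e


def triage(log_text):
    """Parse all service/driver lines and return them ranked, most suspicious first."""
    entries = [score_entry(e) for e in map(parse_entry, log_text.splitlines()) if e]
    return sorted(entries, key=lambda e: (-e.score, e.name.lower()))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d} {e.state}{e.start} {e.name:24s} {e.path}")
        for r in e.reasons:
            print(f"      - {r}")
```

On the sample, ulxdoi ranks first; the helper's CFScript removes exactly that entry and nothing else.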
26.09.2012, 15:46 | #27 |
| Bundespolizei Trojaner
ComboFix logfile:
Code:
ComboFix 12-09-26.01 - Marc 26.09.2012 16:34:47.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1340 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Marc\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Marc\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\SYSTEM32\DRIVERS\ulxdoi.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ULXDOI
-------\Service_ulxdoi
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-26 bis 2012-09-26 ))))))))))))))))))))))))))))))
.
.
2012-09-26 14:27 . 2012-09-26 14:27 -------- d-----w- c:\windows\LastGood.Tmp
2012-09-24 17:17 . 2012-09-24 17:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 17:47 . 2012-09-23 17:47 -------- d--h--w- c:\windows\PIF
2012-09-23 07:52 . 2012-09-23 07:52 -------- d-----w- C:\_OTL
2012-09-18 17:09 . 2012-09-18 17:09 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2012-09-17 15:08 . 2012-09-17 15:08 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\VDownloader
2012-09-17 15:08 . 2012-09-17 15:08 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\VDownloader
2012-09-16 14:45 . 2012-09-16 14:45 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Avira
2012-09-16 14:44 . 2012-09-16 14:44 -------- d-----w- c:\programme\ESET
2012-09-14 17:22 . 2012-09-14 18:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-09-14 16:20 . 2012-09-14 16:20 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Winamp
2012-09-14 16:19 . 2012-09-14 16:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Temp
2012-09-14 16:19 . 2012-09-14 16:19 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
2012-09-14 15:16 . 2012-09-23 16:58 -------- d-----r- c:\dokumente und einstellungen\Administrator\Eigene Dateien
2012-08-31 15:35 . 2012-08-31 15:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 11:39 . 2012-04-01 10:03 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-09 11:39 . 2011-05-16 11:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-02-23 12:35 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 15:01 . 2012-08-25 15:01 249856 ------w- c:\windows\Setup1.exe
2012-08-25 15:01 . 2012-08-25 15:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-09-16 14:12 . 2011-11-29 18:04 3623592 ----a-w- c:\programme\Gemeinsame Dateien\ApnToolbarInstaller.exe
2011-09-16 14:12 . 2011-11-29 18:04 143240 ----a-w- c:\programme\Gemeinsame Dateien\ApnStub.exe
2010-01-26 09:11 . 2011-07-02 10:59 444283 ----a-w- c:\programme\Gemeinsame Dateien\WinPcapNmap.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-07 13891176]
"RTHDCPL"="RTHDCPL.EXE" [2011-04-14 20053608]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 106544]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Launch LCore"="c:\programme\Logitech Gaming Software\LCore.exe" [2011-12-07 4375320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Marc\Startmenü\Programme\Autostart\
CurseClientStartup.ccip [2012-8-31 0]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Marc^Startmenü^Programme^Autostart^CurseClientStartup.ccip]
path=c:\dokumente und einstellungen\Marc\Startmenü\Programme\Autostart\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Marc^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk]
path=c:\dokumente und einstellungen\Marc\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:52 1695232 ------w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSShutdown]
2004-06-24 15:16 20480 ----a-w- c:\programme\RichiStudios\Shutdown\Autostart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-06-11 10:27 98304 ----a-w- c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-14 14:35 1353080 ----a-w- d:\programme\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader]
2012-04-26 15:19 879616 ----a-w- d:\programme\VDownloader\VDownloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 18:05 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Steam Client Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"ImapiService"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"d:\\Programme\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Dokumente und Einstellungen\\Marc\\Eigene Dateien\\Downloads\\teamspeak3-server_win32-3.0.0-rc1\\teamspeak3-server_win32\\ts3server_win32.exe"=
"d:\\Programme\\EA Games\\Command & Conquer Die ersten 10 Jahre\\Command & Conquer Red Alert(tm) II\\AR2\\gamemd.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\xcom ufo defense\\dosbox.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\x-com terror from the deep\\runme.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=
"d:\\Programme\\Atari\\Act of War - Direct Action\\ACTOFWAR.EXE"=
"d:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\Programme\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Battle.net\\Agent\\Agent.1040\\Agent.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
"d:\\Programme\\Steam\\SteamApps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Dokumente und Einstellungen\\Marc\\Lokale Einstellungen\\Apps\\2.0\\3XY5LNJC.R7Z\\EZC3GQMY.JHX\\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\\CurseClient.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.07.2011 12:16 136360]
R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [14.09.2012 17:36 399432]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [23.02.2012 14:35 676936]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.01.2010 04:09 50704]
R2 RSShutdown;RichiStudios Shutdown;c:\programme\RichiStudios\Shutdown\Service.exe [20.06.2004 19:42 45056]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [27.05.2011 16:44 101904]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [09.05.2012 13:14 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [09.05.2012 13:14 14856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.02.2012 14:35 22856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01.04.2012 12:03 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.05.2011 11:07 1691480]
S3 cpuz130;cpuz130;\??\c:\dokume~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\drivers\ladfGSCi386.sys [09.05.2012 13:14 378568]
S3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [15.04.2012 11:44 53976]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\drivers\ladfGSRi386.sys [09.05.2012 13:14 317384]
S3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [15.04.2012 11:44 335064]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [09.05.2012 15:25 113120]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
S3 RTCore32;RTCore32;c:\programme\MSI Afterburner\RTCore32.sys [31.08.2010 05:04 12088]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [23.08.2011 20:00 13824]
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{991425D3-C670-4C5F-9A54-886648A24C0E}: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Marc\Anwendungsdaten\Mozilla\Firefox\Profiles\yhusp7mv.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-26 16:40
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
d:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\PnkBstrA.exe
c:\programme\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-26 16:42:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-26 14:42
ComboFix2.txt 2012-09-25 14:24
.
Vor Suchlauf: 9.590.235.136 Bytes frei
Nach Suchlauf: 9.537.224.704 Bytes frei
.
- - End Of File - - 7023F21D1C6877C85A84EF6B1EC121B8
|
26.09.2012, 16:35 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online query offered by OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar.
Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instruction.
Note: If the Scan button is not shown, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under "AV Scan".
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, choose (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post logfiles in CODE tags |
26.09.2012, 19:32 | #29 |
| Bundespolizei Trojaner
OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:44:48 on 26.09.2012
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\WINDOWS\system32\ac3filter.cpl
"directx.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\directx.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"quicktime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\quicktime.cpl
"startup.cpl" - ? - C:\WINDOWS\system32\startup.cpl (File found, but it contains no detailed information)
"tweakui.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\tweakui.cpl
"vp6dec_settings.cpl" - ? - C:\WINDOWS\system32\vp6dec_settings.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"cpuz130" (cpuz130) - ? - C:\DOKUME~1\Marc\LOKALE~1\Temp\cpuz130\cpuz_x32.sys (File not found)
"DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - ? - C:\WINDOWS\System32\Drivers\dsltestSp5.sys (File not found)
"G35 DHP2 Filter Driver" (LADF_DHP2) - "Logitech" - C:\WINDOWS\System32\DRIVERS\ladfDHP2i386.sys
"G35 SBVM Filter Driver" (LADF_SBVM) - "Logitech" - C:\WINDOWS\System32\DRIVERS\ladfSBVMi386.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\DOKUME~1\Marc\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MSICDSetup" (MSICDSetup) - ? - E:\CDriver.sys (File not found)
"NetGroup Packet Filter Driver" (npf) - "CACE Technologies, Inc." - C:\WINDOWS\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RTCore32" (RTCore32) - ? - C:\Programme\MSI Afterburner\RTCore32.sys (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{4380C993-0C43-4E02-9A7A-0D40B6EA7590} "DefragglerShellExtension Class" - "Piriform Ltd" - C:\Programme\Defraggler\DefragglerShell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ?
- D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - d:\Programme\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {FC11A119-C2F7-46F4-9E32-937ABA26816E} "AMI DicomDir TreeView Control 2.1" - "GE Medical Systems" - C:\WINDOWS\Downloaded Program Files\AmiDicomDirTreeView21.ocx / file://E:\MVIEWER\CdViewer.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "CurseClientStartup.ccip" - ? - C:\Dokumente und Einstellungen\Marc\Startmenü\Programme\Autostart\CurseClientStartup.ccip "desktop.ini" - ? - C:\Dokumente und Einstellungen\Marc\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "Launch LCore" - "Logitech Inc." 
- C:\Programme\Logitech Gaming Software\LCore.exe /minimized "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "Tweak UI" - "Microsoft Corporation" - RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "NMSAccess" (NMSAccess) - ? - d:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "PnkBstrA" (PnkBstrA) - ? 
- C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information) "RichiStudios Shutdown" (RSShutdown) - "RichiStudios" - C:\Programme\RichiStudios\Shutdown\service.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-26 19:48:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 MAXTOR_STM3250310AS rev.4.AAA
Running: u4yujykm.exe; Driver: C:\DOKUME~1\Marc\LOKALE~1\Temp\kxlcapob.sys

---- System - GMER 1.0.15 ----

SSDT F7B6DFDC ZwClose
SSDT F7B6DF96 ZwCreateKey
SSDT F7B6DFE6 ZwCreateSection
SSDT F7B6DF8C ZwCreateThread
SSDT F7B6DF9B ZwDeleteKey
SSDT F7B6DFA5 ZwDeleteValueKey
SSDT F7B6DFD7 ZwDuplicateObject
SSDT F7B6DFAA ZwLoadKey
SSDT F7B6DF78 ZwOpenProcess
SSDT F7B6DF7D ZwOpenThread
SSDT F7B6DFB4 ZwReplaceKey
SSDT F7B6DFAF ZwRestoreKey
SSDT F7B6DFEB ZwSetContextThread
SSDT F7B6DFA0 ZwSetValueKey
SSDT F7B6DF87 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF698F000, 0xE5CAE, 0xE8000020]
? C:\ComboFix\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488376003

---- EOF - GMER 1.0.15 ----

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-26 19:50:58
-----------------------------
19:50:58.703 OS Version: Windows 5.1.2600 Service Pack 3
19:50:58.703 Number of processors: 2 586 0x4303
19:50:58.703 ComputerName: MARC-OBEN UserName: Marc
19:50:59.031 Initialize success
19:52:49.140 AVAST engine defs: 12092600
19:53:26.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
19:53:26.218 Disk 0 Vendor: MAXTOR_STM3250310AS 4.AAA Size: 238475MB BusType: 3
19:53:26.234 Disk 0 MBR read successfully
19:53:26.234 Disk 0 MBR scan
19:53:26.265 Disk 0 Windows XP default MBR code
19:53:26.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 89996 MB offset 63
19:53:26.281 Disk 0 Partition - 00 0F Extended LBA 148467 MB offset 184313745
19:53:26.328 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 148467 MB offset 184313808
19:53:26.375 Disk 0 scanning sectors +488376000
19:53:26.406 Disk 0 malicious Win32:MBRoot code @ sector 488376003 !
19:53:26.468 Disk 0 scanning C:\WINDOWS\system32\drivers
19:54:04.468 Service scanning
19:54:17.375 Modules scanning
19:55:15.062 Disk 0 trace - called modules:
19:55:15.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:55:15.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d4fab8]
19:55:15.109 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006d[0x89dd8400]
19:55:15.109 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x89d3d940]
19:55:15.390 AVAST engine scan C:\WINDOWS
19:56:15.500 AVAST engine scan C:\WINDOWS\system32
20:07:23.421 AVAST engine scan C:\WINDOWS\system32\drivers
20:08:45.546 AVAST engine scan C:\Dokumente und Einstellungen\Marc
20:25:31.656 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:28:51.171 Scan finished successfully
20:30:38.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Marc\Desktop\MBR.dat"
20:30:38.796 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Marc\Desktop\aswMBR.txt"
27.09.2012, 15:26 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner
Code:
Disk 0 malicious Win32:MBRoot code @ sector 488376003 !

Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________
Please always post logfiles in CODE tags