Log analysis and evaluation: Interpol / Ukash locks user account - WindowsXP 32bit
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.10.2012, 21:25 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Restart Windows in safe mode (with networking if possible). Sometimes the fix with OTL hangs in normal mode, but very often the fix works in safe mode.
__________________
Please always post log files in CODE tags
07.10.2012, 22:22 | #17 |
| Done:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1105802729-3695404880-2023453964-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
========== FILES ==========
C:\WINDOWS\FixCamera.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\*****\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\*****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: *****
->Temp folder emptied: 1605924 bytes
->Temporary Internet Files folder emptied: 6440033 bytes
->Java cache emptied: 4887967 bytes
->Flash cache emptied: 523 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12041378 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5077027 bytes

User: ****
->Temp folder emptied: 84002803 bytes
->Temporary Internet Files folder emptied: 450682897 bytes
->Java cache emptied: 691693 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4737411 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 544.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10072012_230941

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
08.10.2012, 10:43 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
08.10.2012, 21:04 | #19 |
| Done:
22:00:48.0218 5880 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 22:00:48.0312 5880 PCIIde - ok 22:00:48.0359 5880 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 22:00:48.0453 5880 Pcmcia - ok 22:00:48.0453 5880 PDCOMP - ok 22:00:48.0468 5880 PDFRAME - ok 22:00:48.0468 5880 PDRELI - ok 22:00:48.0468 5880 PDRFRAME - ok 22:00:48.0484 5880 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys 22:00:48.0578 5880 perc2 - ok 22:00:48.0609 5880 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys 22:00:48.0718 5880 perc2hib - ok 22:00:48.0750 5880 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 22:00:48.0765 5880 PlugPlay - ok 22:00:48.0796 5880 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 22:00:48.0890 5880 PolicyAgent - ok 22:00:48.0921 5880 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:00:49.0015 5880 PptpMiniport - ok 22:00:49.0015 5880 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 22:00:49.0109 5880 ProtectedStorage - ok 22:00:49.0125 5880 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 22:00:49.0218 5880 PSched - ok 22:00:49.0234 5880 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:00:49.0343 5880 Ptilink - ok 22:00:49.0375 5880 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:00:49.0390 5880 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 22:00:49.0390 5880 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 22:00:49.0421 5880 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys 22:00:49.0515 5880 ql1080 - ok 22:00:49.0531 5880 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 22:00:49.0640 5880 Ql10wnt - ok 
22:00:49.0656 5880 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys 22:00:49.0750 5880 ql12160 - ok 22:00:49.0750 5880 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys 22:00:49.0843 5880 ql1240 - ok 22:00:49.0859 5880 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys 22:00:49.0968 5880 ql1280 - ok 22:00:49.0968 5880 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:00:50.0078 5880 RasAcd - ok 22:00:50.0125 5880 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 22:00:50.0250 5880 RasAuto - ok 22:00:50.0265 5880 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:00:50.0359 5880 Rasl2tp - ok 22:00:50.0406 5880 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 22:00:50.0500 5880 RasMan - ok 22:00:50.0515 5880 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:00:50.0609 5880 RasPppoe - ok 22:00:50.0625 5880 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 22:00:50.0734 5880 Raspti - ok 22:00:50.0750 5880 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:00:50.0843 5880 Rdbss - ok 22:00:50.0843 5880 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:00:50.0953 5880 RDPCDD - ok 22:00:51.0015 5880 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:00:51.0140 5880 rdpdr - ok 22:00:51.0187 5880 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 22:00:51.0250 5880 RDPWD - ok 22:00:51.0281 5880 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 22:00:51.0406 5880 RDSessMgr - ok 22:00:51.0421 5880 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 22:00:51.0515 5880 redbook - ok 
22:00:51.0562 5880 [ D8894ACEFE1A607DE7D0E628285BFFF4 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 22:00:51.0578 5880 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 22:00:51.0578 5880 RegSrvc - detected UnsignedFile.Multi.Generic (1) 22:00:51.0609 5880 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 22:00:51.0734 5880 RemoteAccess - ok 22:00:51.0765 5880 [ 24ED7AF20651F9FA1F249482E7C1F165 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 22:00:51.0796 5880 rimmptsk - ok 22:00:51.0796 5880 [ 1BDBA2D2D402415A78A4BA766DFE0F7B ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 22:00:51.0875 5880 rimsptsk - ok 22:00:51.0906 5880 [ F774ECD11A064F0DEBB2D4395418153C ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 22:00:51.0937 5880 rismxdp - ok 22:00:51.0984 5880 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 22:00:52.0093 5880 RpcLocator - ok 22:00:52.0140 5880 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 22:00:52.0156 5880 RpcSs - ok 22:00:52.0203 5880 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 22:00:52.0343 5880 RSVP - ok 22:00:52.0406 5880 [ C17C3A529CE14012F9731A6E264C1911 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 22:00:52.0468 5880 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning 22:00:52.0468 5880 S24EventMonitor - detected UnsignedFile.Multi.Generic (1) 22:00:52.0500 5880 [ DAEF68FC328342D219DE928C8EE610B2 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 22:00:52.0531 5880 s24trans ( UnsignedFile.Multi.Generic ) - warning 22:00:52.0531 5880 s24trans - detected UnsignedFile.Multi.Generic (1) 22:00:52.0546 5880 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 22:00:52.0703 5880 SamSs - ok 22:00:52.0750 5880 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 22:00:52.0890 5880 SCardSvr - ok 22:00:52.0906 5880 [ A050194A44D7FA8D7186ED2F4E8367AE ] 
Schedule C:\WINDOWS\system32\schedsvc.dll 22:00:53.0015 5880 Schedule - ok 22:00:53.0062 5880 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 22:00:53.0171 5880 sdbus - ok 22:00:53.0218 5880 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:00:53.0265 5880 Secdrv - ok 22:00:53.0281 5880 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 22:00:53.0390 5880 seclogon - ok 22:00:53.0406 5880 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 22:00:53.0515 5880 SENS - ok 22:00:53.0546 5880 [ 258A999B3C057D05C0CF943A70DD629C ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS 22:00:53.0562 5880 Sentinel ( UnsignedFile.Multi.Generic ) - warning 22:00:53.0562 5880 Sentinel - detected UnsignedFile.Multi.Generic (1) 22:00:53.0593 5880 [ DA4FC3DB2CE664F6C74F5FCDF58D2275 ] SentinelProtectionServer C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 22:00:53.0609 5880 SentinelProtectionServer ( UnsignedFile.Multi.Generic ) - warning 22:00:53.0609 5880 SentinelProtectionServer - detected UnsignedFile.Multi.Generic (1) 22:00:53.0640 5880 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 22:00:53.0734 5880 serenum - ok 22:00:53.0765 5880 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 22:00:53.0859 5880 Serial - ok 22:00:53.0890 5880 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 22:00:54.0000 5880 sffdisk - ok 22:00:54.0015 5880 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 22:00:54.0109 5880 sffp_sd - ok 22:00:54.0140 5880 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 22:00:54.0250 5880 Sfloppy - ok 22:00:54.0296 5880 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 22:00:54.0406 5880 SharedAccess - ok 
22:00:54.0421 5880 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 22:00:54.0453 5880 ShellHWDetection - ok 22:00:54.0468 5880 Simbad - ok 22:00:54.0500 5880 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys 22:00:54.0625 5880 sisagp - ok 22:00:54.0656 5880 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 22:00:54.0671 5880 SkypeUpdate - ok 22:00:54.0718 5880 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 22:00:54.0828 5880 SLIP - ok 22:00:55.0000 5880 [ 704257CA76602E90AF8FC3ECAECEF24C ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 22:00:55.0828 5880 SNP2UVC ( UnsignedFile.Multi.Generic ) - warning 22:00:55.0828 5880 SNP2UVC - detected UnsignedFile.Multi.Generic (1) 22:00:55.0875 5880 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 22:00:56.0062 5880 SONYPVU1 - ok 22:00:56.0093 5880 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys 22:00:56.0156 5880 Sparrow - ok 22:00:56.0171 5880 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 22:00:56.0281 5880 splitter - ok 22:00:56.0328 5880 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 22:00:56.0359 5880 Spooler - ok 22:00:56.0375 5880 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 22:00:56.0421 5880 sr - ok 22:00:56.0453 5880 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 22:00:56.0515 5880 srservice - ok 22:00:56.0562 5880 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 22:00:56.0593 5880 Srv - ok 22:00:56.0625 5880 [ D7968049BE0ADBB6A57CEE3960320911 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys 22:00:56.0640 5880 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning 22:00:56.0640 5880 sscdbhk5 - detected UnsignedFile.Multi.Generic (1) 22:00:56.0671 
5880 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 22:00:56.0734 5880 SSDPSRV - ok 22:00:56.0765 5880 [ 6DB0676E502995C59053683817C94286 ] SSIPDDP C:\WINDOWS\system32\Drivers\SSIPDDP.SYS 22:00:56.0781 5880 SSIPDDP ( UnsignedFile.Multi.Generic ) - warning 22:00:56.0781 5880 SSIPDDP - detected UnsignedFile.Multi.Generic (1) 22:00:56.0812 5880 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 22:00:56.0828 5880 ssmdrv - ok 22:00:56.0875 5880 [ C3FFD65ABFB6441E7606CF74F1155273 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys 22:00:56.0890 5880 ssrtln ( UnsignedFile.Multi.Generic ) - warning 22:00:56.0890 5880 ssrtln - detected UnsignedFile.Multi.Generic (1) 22:00:56.0953 5880 [ 3AD78E22210D3FBD9F76DE84A8DF19B5 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 22:00:57.0062 5880 STHDA - ok 22:00:57.0125 5880 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 22:00:57.0265 5880 stisvc - ok 22:00:57.0312 5880 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 22:00:57.0468 5880 streamip - ok 22:00:57.0500 5880 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 22:00:57.0593 5880 swenum - ok 22:00:57.0609 5880 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 22:00:57.0718 5880 swmidi - ok 22:00:57.0734 5880 SwPrv - ok 22:00:57.0765 5880 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys 22:00:57.0875 5880 symc810 - ok 22:00:57.0906 5880 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys 22:00:58.0031 5880 symc8xx - ok 22:00:58.0031 5880 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys 22:00:58.0125 5880 sym_hi - ok 22:00:58.0125 5880 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys 22:00:58.0234 5880 sym_u3 - ok 22:00:58.0265 5880 [ 
FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 22:00:58.0312 5880 SynTP - ok 22:00:58.0328 5880 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 22:00:58.0437 5880 sysaudio - ok 22:00:58.0484 5880 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 22:00:58.0578 5880 SysmonLog - ok 22:00:58.0625 5880 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 22:00:58.0734 5880 TapiSrv - ok 22:00:58.0781 5880 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:00:58.0812 5880 Tcpip - ok 22:00:58.0843 5880 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 22:00:58.0953 5880 TDPIPE - ok 22:00:58.0984 5880 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 22:00:59.0078 5880 TDTCP - ok 22:00:59.0109 5880 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 22:00:59.0218 5880 TermDD - ok 22:00:59.0265 5880 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 22:00:59.0359 5880 TermService - ok 22:00:59.0406 5880 [ 30698355067D07DA5F9EB81132C9FDD6 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys 22:00:59.0406 5880 tfsnboio ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0406 5880 tfsnboio - detected UnsignedFile.Multi.Generic (1) 22:00:59.0421 5880 [ FB9D825BB4A2ABDF24600F7505050E2B ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys 22:00:59.0421 5880 tfsncofs ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0421 5880 tfsncofs - detected UnsignedFile.Multi.Generic (1) 22:00:59.0437 5880 [ CAFD8CCA11AA1E8B6D2EA1BA8F70EC33 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys 22:00:59.0437 5880 tfsndrct ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0437 5880 tfsndrct - detected UnsignedFile.Multi.Generic (1) 22:00:59.0453 5880 [ D4400188782AA797598958969C9657D4 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys 
22:00:59.0468 5880 tfsndres ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0468 5880 tfsndres - detected UnsignedFile.Multi.Generic (1) 22:00:59.0484 5880 [ B92F67A71CC8176F331B8AA8D9F555AD ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys 22:00:59.0515 5880 tfsnifs ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0515 5880 tfsnifs - detected UnsignedFile.Multi.Generic (1) 22:00:59.0531 5880 [ 85985FAA9A71E2358FCC2EDEFC2A3C5C ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys 22:00:59.0531 5880 tfsnopio ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0531 5880 tfsnopio - detected UnsignedFile.Multi.Generic (1) 22:00:59.0546 5880 [ BBA22094F0F7C210567EFDAF11F64495 ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys 22:00:59.0562 5880 tfsnpool ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0562 5880 tfsnpool - detected UnsignedFile.Multi.Generic (1) 22:00:59.0578 5880 [ 81340BEF80B9811E98CE64611E67E3FF ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys 22:00:59.0593 5880 tfsnudf ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0593 5880 tfsnudf - detected UnsignedFile.Multi.Generic (1) 22:00:59.0609 5880 [ C035FD116224CCC8325F384776B6A8BB ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys 22:00:59.0609 5880 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning 22:00:59.0609 5880 tfsnudfa - detected UnsignedFile.Multi.Generic (1) 22:00:59.0625 5880 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 22:00:59.0640 5880 Themes - ok 22:00:59.0656 5880 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys 22:00:59.0750 5880 TosIde - ok 22:00:59.0781 5880 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 22:00:59.0906 5880 TrkWks - ok 22:00:59.0937 5880 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 22:01:00.0093 5880 Udfs - ok 22:01:00.0125 5880 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys 22:01:00.0218 5880 ultra - ok 22:01:00.0250 5880 [ 
402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 22:01:00.0406 5880 Update - ok 22:01:00.0437 5880 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 22:01:00.0515 5880 upnphost - ok 22:01:00.0531 5880 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 22:01:00.0656 5880 UPS - ok 22:01:00.0703 5880 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 22:01:00.0750 5880 USBAAPL - ok 22:01:00.0765 5880 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 22:01:00.0890 5880 usbaudio - ok 22:01:00.0906 5880 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:01:01.0046 5880 usbccgp - ok 22:01:01.0062 5880 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:01:01.0203 5880 usbehci - ok 22:01:01.0218 5880 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:01:01.0328 5880 usbhub - ok 22:01:01.0328 5880 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:01:01.0421 5880 usbprint - ok 22:01:01.0453 5880 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:01:01.0546 5880 usbscan - ok 22:01:01.0562 5880 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:01:01.0656 5880 USBSTOR - ok 22:01:01.0671 5880 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:01:01.0781 5880 usbuhci - ok 22:01:01.0812 5880 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 22:01:01.0937 5880 usbvideo - ok 22:01:02.0000 5880 [ C5B70A6AA947667CE0E5FC84A05EC8B6 ] usnjsvc C:\Programme\MSN Messenger\usnsvc.exe 22:01:02.0015 5880 usnjsvc - ok 22:01:02.0046 5880 [ 94A0CE966C671C74E903487099E818C8 ] VF0470Vid C:\WINDOWS\system32\DRIVERS\V0470Vid.sys 22:01:02.0093 5880 VF0470Vid - ok 
22:01:02.0109 5880 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 22:01:02.0203 5880 VgaSave - ok 22:01:02.0218 5880 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys 22:01:02.0328 5880 viaagp - ok 22:01:02.0343 5880 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 22:01:02.0453 5880 ViaIde - ok 22:01:02.0468 5880 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 22:01:02.0578 5880 VolSnap - ok 22:01:02.0609 5880 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 22:01:02.0671 5880 VSS - ok 22:01:02.0703 5880 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll 22:01:02.0812 5880 w32time - ok 22:01:02.0828 5880 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:01:02.0921 5880 Wanarp - ok 22:01:02.0953 5880 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 22:01:02.0984 5880 Wdf01000 - ok 22:01:02.0984 5880 WDICA - ok 22:01:03.0015 5880 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 22:01:03.0125 5880 wdmaud - ok 22:01:03.0156 5880 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 22:01:03.0250 5880 WebClient - ok 22:01:03.0296 5880 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 22:01:03.0343 5880 winachsf - ok 22:01:03.0421 5880 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 22:01:03.0531 5880 winmgmt - ok 22:01:03.0562 5880 [ 22516ED8E0D89323D4E0D9CCC2848819 ] WLANKEEPER C:\Programme\Intel\Wireless\Bin\WLKeeper.exe 22:01:03.0593 5880 WLANKEEPER ( UnsignedFile.Multi.Generic ) - warning 22:01:03.0593 5880 WLANKEEPER - detected UnsignedFile.Multi.Generic (1) 22:01:03.0625 5880 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 22:01:03.0734 5880 WmdmPmSN 
- ok 22:01:03.0750 5880 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 22:01:03.0906 5880 WmiAcpi - ok 22:01:03.0937 5880 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 22:01:04.0093 5880 WmiApSrv - ok 22:01:04.0203 5880 WPFFontCache_v0400 - ok 22:01:04.0234 5880 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:01:04.0343 5880 WS2IFSL - ok 22:01:04.0359 5880 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 22:01:04.0468 5880 wscsvc - ok 22:01:04.0500 5880 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 22:01:04.0609 5880 WSTCODEC - ok 22:01:04.0625 5880 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 22:01:04.0750 5880 wuauserv - ok 22:01:04.0812 5880 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 22:01:04.0953 5880 WZCSVC - ok 22:01:05.0015 5880 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 22:01:05.0312 5880 xmlprov - ok 22:01:05.0328 5880 ================ Scan global =============================== 22:01:05.0359 5880 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 22:01:05.0406 5880 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 22:01:05.0421 5880 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 22:01:05.0437 5880 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 22:01:05.0437 5880 [Global] - ok 22:01:05.0437 5880 ================ Scan MBR ================================== 22:01:05.0453 5880 [ 5CB90281D1A59B251F6603134774EEC3 ] \Device\Harddisk0\DR0 22:01:05.0843 5880 \Device\Harddisk0\DR0 - ok 22:01:05.0843 5880 ================ Scan VBR ================================== 22:01:05.0843 5880 [ 6C4F968262580C427722D8E8CF3C169B ] \Device\Harddisk0\DR0\Partition1 22:01:05.0843 5880 \Device\Harddisk0\DR0\Partition1 - ok 
22:01:05.0843 5880 ============================================================ 22:01:05.0843 5880 Scan finished 22:01:05.0843 5880 ============================================================ 22:01:05.0953 3984 Detected object count: 27 22:01:05.0953 3984 Actual detected object count: 27 22:02:09.0250 3984 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0250 3984 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0250 3984 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0250 3984 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0250 3984 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0250 3984 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0250 3984 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0250 3984 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0250 3984 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0250 3984 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 3984 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 omci ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 3984 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 3984 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 3984 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 3984 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 
3984 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0265 3984 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0265 3984 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 SentinelProtectionServer ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 SentinelProtectionServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 SNP2UVC ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 SNP2UVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 SSIPDDP ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 SSIPDDP ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0281 3984 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0281 3984 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsnopio ( 
UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0296 3984 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0296 3984 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:02:09.0312 3984 WLANKEEPER ( UnsignedFile.Multi.Generic ) - skipped by user 22:02:09.0312 3984 WLANKEEPER ( UnsignedFile.Multi.Generic ) - User select action: Skip Geändert von BeniCH (08.10.2012 um 21:16 Uhr) Grund: Namen edtitieren |
09.10.2012, 11:41 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol / Ukash locks user account - WindowsXP 32bit Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
09.10.2012, 20:00 | #21 |
| Interpol / Ukash locks user account - WindowsXP 32bit done: Code:
ComboFix 12-10-09.01 - ***** 09.10.2012 17:32:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2046.1377 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\*****\Anwendungsdaten\msconfig.ini
c:\dokumente und einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
c:\dokumente und einstellungen\****\Lokale Einstellungen\Anwendungsdaten\assembly\tmp
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\UNWISE.EXE
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-09 bis 2012-10-09 ))))))))))))))))))))))))))))))
.
.
2012-10-07 19:25 . 2012-10-07 19:25 -------- d-----w- C:\_OTL
2012-10-07 19:24 . 2012-10-07 19:24 -------- d-----w- c:\dokumente und einstellungen\*****\Anwendungsdaten\Malwarebytes
2012-10-04 21:22 . 2012-10-04 21:22 -------- d-----w- c:\programme\ESET
2012-10-04 19:46 . 2012-10-04 19:46 -------- d-----w- c:\dokumente und einstellungen\****\Anwendungsdaten\Malwarebytes
2012-10-04 19:45 . 2012-10-04 19:45 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-04 19:45 . 2012-10-04 19:45 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-10-04 19:45 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 15:05 . 2004-08-18 12:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2004-08-18 12:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2004-08-18 12:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-18 12:05 385024 ----a-w- c:\windows\system32\html.iec
2012-08-26 09:00 . 2012-04-08 07:24 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 09:00 . 2011-05-18 19:50 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\programme\NetWaiting\netwaiting.exe" [2003-09-10 20480]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"IntelZeroConfig"="c:\programme\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\programme\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"CTSVolFE.exe"="c:\programme\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"PCMService"="c:\programme\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-07-31 348664]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2007-6-4 24576] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-6-6 809488] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-02-18 22:30 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"= "c:\\Programme\\cadwork.dir\\Ci_start.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\MSN Messenger\\msnmsgr.exe"= "c:\\Programme\\MSN Messenger\\livecall.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . 
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17.10.2011 21:29 36000] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2011 21:29 86224] R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [17.10.2011 21:29 465360] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [06.06.2009 18:31 10384] R2 MBAMScheduler;MBAMScheduler;c:\programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [04.10.2012 21:45 399432] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [04.10.2012 21:45 676936] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04.10.2012 21:45 22856] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [21.06.2010 12:14 135664] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 13:28 160944] S2 SSIPDDP;SSIPDDP: Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [02.07.2007 17:01 55296] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.06.2010 12:14 135664] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [21.12.2009 17:10 146720] . Inhalt des "geplante Tasks" Ordners . 2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57] . 2012-10-09 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job - c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20] . 2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-06-21 10:14] . 
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-06-21 10:14] . 2012-10-09 c:\windows\Tasks\User_Feed_Synchronization-{26FF4742-0D5D-4233-B5E6-051569C798B4}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.ch/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx IE: In neuer Registerkarte im Hintergrund öffnen - c:\programme\Windows Live Toolbar\Components\de-ch\msntabres.dll.mui/229?d443ef1ae1b04a84b7fabd1062d36d60 IE: In neuer Registerkarte im Vordergrund öffnen - c:\programme\Windows Live Toolbar\Components\de-ch\msntabres.dll.mui/230?d443ef1ae1b04a84b7fabd1062d36d60 LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} - hxxp://order.ifolor.ch/GENERAL/LowRes/app_support/1/ActiveX/IfolorUploader_chkr.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-FixCamera - c:\windows\FixCamera.exe HKLM-Run-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe Notify-WgaLogon - (no file) AddRemove-Hardlock Gerätetreiber - c:\windows\system32\UNWISE.EXE AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-09 17:50 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(864) c:\windows\system32\Ati2evxx.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll . - - - - - - - > 'lsass.exe'(920) c:\programme\Avira\AntiVir Desktop\avsda.dll . 
- - - - - - - > 'explorer.exe'(2344) c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\programme\Intel\Wireless\Bin\EvtEng.exe c:\programme\Intel\Wireless\Bin\S24EvMon.exe c:\programme\Intel\Wireless\Bin\WLKeeper.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Intel\Wireless\Bin\RegSrvc.exe c:\programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\Ati2evxx.exe c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\wscntfy.exe c:\windows\stsystra.exe c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE c:\programme\iPod\bin\iPodService.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-09 17:55:09 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-09 15:55 . Vor Suchlauf: 13 Verzeichnis(se), 92'104'085'504 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 92'109'795'328 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - C4EA329370E232E6052892BE2981DAE0 |
09.10.2012, 20:20 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol / Ukash locks user account - WindowsXP 32bit Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction under any circumstances. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
10.10.2012, 06:19 | #23 |
| Interpol / Ukash locks user account - WindowsXP 32bit Done: Gmer log Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-10 06:39:53 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVS-75RST0 rev.04.01G04 Running: 4mnq1fnc.exe; Driver: C:\DOKUME~1\*****~1\LOKALE~1\Temp\agrdifob.sys ---- System - GMER 1.0.15 ---- SSDT BA76D20C ZwClose SSDT BA76D1C6 ZwCreateKey SSDT BA76D216 ZwCreateSection SSDT BA76D1BC ZwCreateThread SSDT BA76D1CB ZwDeleteKey SSDT BA76D1D5 ZwDeleteValueKey SSDT BA76D207 ZwDuplicateObject SSDT BA76D1DA ZwLoadKey SSDT BA76D1A8 ZwOpenProcess SSDT BA76D1AD ZwOpenThread SSDT BA76D22F ZwQueryValueKey SSDT BA76D1E4 ZwReplaceKey SSDT BA76D220 ZwRequestWaitReplyPort SSDT BA76D1DF ZwRestoreKey SSDT BA76D21B ZwSetContextThread SSDT BA76D225 ZwSetSecurityObject SSDT BA76D1D0 ZwSetValueKey SSDT BA76D22A ZwSystemDebugControl SSDT BA76D1B7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- ? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. ! .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xADC79400, 0x87EE2, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xADD1D620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xADD1D620] .protectÿÿÿÿhardlockunknown last code section [0xADD1D400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xADD1D400, 0x5126, 0xE0000020] ? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? System32\Drivers\hiber_WMILIB.SYS Das System kann den angegebenen Pfad nicht finden. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 06:47:09 on 10.10.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Auf Updates für Windows Live Toolbar prüfen.job" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\MSNTBUP.EXE "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "stacgui.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\stacgui.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "QuickTime" - "Apple Inc." 
- C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AEGIS Protocol (IEEE 802.1x) v3.6.0.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys "agrdifob" (agrdifob) - ? - C:\DOKUME~1\*****~1\LOKALE~1\Temp\agrdifob.sys (Hidden registry entry, rootkit activity | File not found) "APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys "drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys "DSproct" (DSproct) - "GTek Technologies Ltd." - C:\Programme\Dell Support\GTAction\triggers\DSproct.sys "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys (File not found) "LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys "mbr" (mbr) - ? - C:\DOKUME~1\*****~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "OMCI WDM Device Driver" (omci) - "Dell Inc" - C:\WINDOWS\System32\DRIVERS\omci.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? 
- C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Sentinel" (Sentinel) - "SafeNet, Inc." - C:\WINDOWS\System32\Drivers\SENTINEL.SYS "sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys "SSIPDDP: Parallel port device driver" (SSIPDDP) - ? - C:\WINDOWS\system32\Drivers\SSIPDDP.SYS "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys "tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys "tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys "tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys "tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys "tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys "tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys "tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys "tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys "tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys "USB2.0 PC Camera (SNP2UVC)" (SNP2UVC) - ? - C:\WINDOWS\System32\DRIVERS\snp2uvc.sys "WDICA" (WDICA) - ? 
- C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- 
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\msntb.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {48580E34-E37A-454A-8EC4-FC7598B01D77} "IfolorUploader Control" - "Ifolor AG" - C:\WINDOWS\DOWNLO~1\IFOLOR~1.OCX / hxxp://order.ifolor.ch/GENERAL/LowRes/app_support/1/ActiveX/IfolorUploader_chkr.cab {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} "Installation Support" - ? - C:\Programme\Yahoo!\Common\Yinsthelper.dll (File not found) / C:\Programme\Yahoo!\Common\Yinsthelper.dll {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." 
- C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll {77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." 
- C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\msntb.dll
<binary data> "Yahoo! Toolbar" - ? - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - ? - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (File not found)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - ? - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (File not found)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Programme\BAE\BAE.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live Toolbar\msntb.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" - ? - (File not found | COM-object registry key not found)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Digital Line Detect.lnk" - "BVRP Software" - C:\Programme\Digital Line Detect\DLG.exe (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ModemOnHold" - ? - C:\Programme\NetWaiting\netwaiting.exe (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"ATICCC" - "ATI Technologies Inc." - "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CTSVolFE.exe" - "Creative Technology Ltd" - "C:\Programme\Creative\Mixer\CTSVolFE.exe" /r
"Dell QuickSet" - "Dell Inc" - C:\Programme\Dell\QuickSet\quickset.exe
"dla" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswctrl.exe
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"PCMService" - "CyberLink Corp." - "C:\Programme\Dell\MediaDirect\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SigmatelSysTrayApp" - "SigmaTel, Inc." - stsystra.exe
"snp2uvc" - "Sonix" - C:\WINDOWS\vsnp2uvc.exe
"tsnp2uvc" - ? - C:\WINDOWS\tsnp2uvc.exe
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) - "Intel(R) Corporation" - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sentinel Protection Server" (SentinelProtectionServer) - "SafeNet, Inc" - C:\Programme\Gemeinsame Dateien\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - ? - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (File not found)
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 06:48:00
-----------------------------
06:48:00.328 OS Version: Windows 5.1.2600 Service Pack 3
06:48:00.328 Number of processors: 2 586 0xF02
06:48:00.328 ComputerName: *** UserName:
06:48:00.984 Initialize success
06:50:03.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:50:03.781 Disk 0 Vendor: WDC_WD1600BEVS-75RST0 04.01G04 Size: 152627MB BusType: 3
06:50:03.875 Disk 0 MBR read successfully
06:50:03.875 Disk 0 MBR scan
06:50:03.875 Disk 0 unknown MBR code
06:50:03.921 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
06:50:03.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147401 MB offset 192780
06:50:03.984 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 302086260
06:50:04.015 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306279225
06:50:04.046 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 302086323
06:50:04.234 Disk 0 scanning sectors +312576705
06:50:04.437 Disk 0 scanning C:\WINDOWS\system32\drivers
06:50:39.468 Service scanning
06:50:51.343 Modules scanning
06:51:37.453 Disk 0 trace - called modules:
06:51:37.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
06:51:37.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6a6ab8]
06:51:37.515 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000070[0x8a6aed18]
06:51:37.515 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a654940]
06:51:37.515 Scan finished successfully
07:09:17.781 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\MBR.dat"
07:09:17.796 The log file has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\aswMBR.txt"
10.10.2012, 12:36 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol / Ukash locks user account - WindowsXP 32bit
We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.
Note: Please do NOT run the MBR fix if you have other operating systems installed, e.g. Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Do not run the fix either if you use full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.
After backing up your data, start aswMBR again and click the FIXMBR button.
Note: Please switch off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Afterwards restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
10.10.2012, 21:12 | #25 |
| Interpol / Ukash locks user account - WindowsXP 32bit
Hello. First of all, a big thank-you along the way. Sweat, fear and panic have decreased considerably since you have been helping me. I created two log files: one directly after the fix, the second after the restart.
After the fix:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 21:45:58
-----------------------------
21:45:58.875 OS Version: Windows 5.1.2600 Service Pack 3
21:45:58.890 Number of processors: 2 586 0xF02
21:45:58.890 ComputerName: *** UserName:
21:45:59.515 Initialize success
21:49:38.906 Verifying
21:49:48.953 Disk 0 Windows 501 MBR fixed successfully
21:50:40.515 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\MBR.dat"
21:50:40.515 The log file has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\aswMBRfix.txt"
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 22:02:09
-----------------------------
22:02:09.546 OS Version: Windows 5.1.2600 Service Pack 3
22:02:09.546 Number of processors: 2 586 0xF02
22:02:09.546 ComputerName: *** UserName:
22:02:10.218 Initialize success
22:02:30.750 The log file has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\aswMBRfix2.txt"
11.10.2012, 13:34 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol / Ukash locks user account - WindowsXP 32bit
The log is incomplete or was created incorrectly, but the fix was obviously done correctly. Please create a new log with aswMBR properly.
__________________ Please always post log files in CODE tags |
11.10.2012, 21:43 | #27 |
| Interpol / Ukash locks user account - WindowsXP 32bit
I assume that means a new scan and then the log file from it:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-11 22:06:37
-----------------------------
22:06:37.312 OS Version: Windows 5.1.2600 Service Pack 3
22:06:37.312 Number of processors: 2 586 0xF02
22:06:37.312 ComputerName: **** UserName:
22:06:38.062 Initialize success
22:08:36.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:08:36.156 Disk 0 Vendor: WDC_WD1600BEVS-75RST0 04.01G04 Size: 152627MB BusType: 3
22:08:36.187 Disk 0 MBR read successfully
22:08:36.187 Disk 0 MBR scan
22:08:36.187 Disk 0 Windows XP default MBR code
22:08:36.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
22:08:36.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147401 MB offset 192780
22:08:36.203 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 302086260
22:08:36.234 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 306279225
22:08:36.234 Disk 0 Partition 4 00 DD MSDOS5.0 2047 MB offset 302086323
22:08:36.250 Disk 0 scanning sectors +312576705
22:08:36.328 Disk 0 scanning C:\WINDOWS\system32\drivers
22:08:47.859 Service scanning
22:08:59.031 Modules scanning
22:09:05.578 Disk 0 trace - called modules:
22:09:05.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:09:05.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a612ab8]
22:09:05.640 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006f[0x8a69f270]
22:09:05.640 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a614940]
22:09:05.640 Scan finished successfully
22:10:54.140 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\MBR.dat"
22:10:54.156 The log file has been saved successfully to "C:\Dokumente und Einstellungen\*****\Desktop\aswMBR2.txt"
12.10.2012, 11:53 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol / Ukash locks user account - WindowsXP 32bit
Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
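The check the helper makes by eye in posts #26 and #28 can be scripted. The following is an added example, not part of the thread and not AVAST's code: it parses aswMBR logs, marks a log as incomplete when it contains no finished MBR scan, and extracts the per-disk MBR verdict line. The function names and status labels are assumptions of this example; the sample lines are abridged from the four aswMBR logs posted in this thread.

```python
import re

ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")  # "HH:MM:SS.mmm message"
VERDICT = re.compile(r"^Disk (\d+) (.+) MBR code$")        # "Disk 0 unknown MBR code"

def parse_aswmbr(text):
    """Summarise one aswMBR log: scan completeness, fix marker, per-disk MBR verdict."""
    s = {"run_date": None, "scan_started": False, "scan_finished": False,
         "fix_applied": False, "verdicts": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Run date:"):
            s["run_date"] = line.split(":", 1)[1].strip()
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(1)
        if re.fullmatch(r"Disk \d+ MBR scan", msg):
            s["scan_started"] = True
        elif msg == "Scan finished successfully":
            s["scan_finished"] = True
        elif msg.endswith("MBR fixed successfully"):
            s["fix_applied"] = True
        elif (v := VERDICT.match(msg)):
            s["verdicts"][int(v.group(1))] = v.group(2)
    return s

def status(s):
    """Status labels are assumptions of this example, not aswMBR terminology."""
    if not (s["scan_started"] and s["scan_finished"] and s["verdicts"]):
        return "incomplete"      # no finished MBR scan, so nothing to judge
    if any(v.lower().startswith("unknown") for v in s["verdicts"].values()):
        return "needs-review"    # the verdict that prompted the fix in post #24
    return "recognized"

def review(logs):
    """(run date, status, verdict for disk 0) for each log, in posting order."""
    return [(s["run_date"], status(s), s["verdicts"].get(0))
            for s in map(parse_aswmbr, logs)]

# Abridged from the four aswMBR logs posted in this thread.
THREAD_LOGS = [
"""Run date: 2012-10-10 06:48:00
06:50:03.875 Disk 0 MBR scan
06:50:03.875 Disk 0 unknown MBR code
06:51:37.515 Scan finished successfully""",
"""Run date: 2012-10-10 21:45:58
21:45:59.515 Initialize success
21:49:38.906 Verifying
21:49:48.953 Disk 0 Windows 501 MBR fixed successfully""",
"""Run date: 2012-10-10 22:02:09
22:02:10.218 Initialize success""",
"""Run date: 2012-10-11 22:06:37
22:08:36.187 Disk 0 MBR scan
22:08:36.187 Disk 0 Windows XP default MBR code
22:09:05.640 Scan finished successfully""",
]

if __name__ == "__main__":
    for row in review(THREAD_LOGS):
        print(row)
```

Both logs from post #25 come back as incomplete because neither contains an MBR scan, which is why a further log was requested before the result could be confirmed.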
13.10.2012, 14:35 | #29 |
| Interpol / Ukash locks user account - WindowsXP 32bit
Done. Malwarebytes:
Code:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.12.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
***** :: *** [administrator]
Protection: Enabled
12.10.2012 19:13:46
mbam-log-2012-10-12 (19-13-46).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320403
Time elapsed: 51 minute(s), 55 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/12/2012 at 11:27 PM
Application Version : 5.6.1010
Core Rules Database Version : 9396
Trace Rules Database Version: 7208
Scan type : Complete Scan
Total Scan Time : 01:34:10
Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator
Memory items scanned : 778
Memory threats detected : 0
Registry items scanned : 37908
Registry threats detected : 0
File items scanned : 106270
File threats detected : 4
Adware.Tracking Cookie
C:\DOKUMENTE UND EINSTELLUNGEN\****\COOKIES\****@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
C:\DOKUMENTE UND EINSTELLUNGEN\****\COOKIES\****@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\DOKUMENTE UND EINSTELLUNGEN\****\COOKIES\****@ADINTERAX[2].TXT [ /ADINTERAX ]
C:\DOKUMENTE UND EINSTELLUNGEN\****\COOKIES\****@RICHMEDIA.YAHOO[1].TXT [ /RICHMEDIA.YAHOO ]
13.10.2012, 17:12 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Interpol / Ukash locks user account - WindowsXP 32bit
Looks OK, only cookies were found there; they can all be removed.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie).
Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you would have to take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - sensibly, you should check MVPS every 4 weeks to see whether he has released a new hosts file.
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.
The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) stores only the cookies from the sites I want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium no cookies are left.
Is your system now back in order, or are there still other findings or problems?
__________________ Please always post log files in CODE tags |