Log analysis and evaluation: Advertising in all browsers
03.12.2012, 23:39 | #1

Advertising in all browsers

Ads are shown on every page (double-underlined words also show ads), and I am often simply redirected to other pages with advertising. The ads also say: "ads not by this site". In IE I can no longer open any page at all. When I search for something on Google in Chrome, the page often only loads halfway. I have already looked in the extensions for toolbars or anything similar, but without success. Cookies have also been deleted. When pages load, it often says "connecting to d.textsrv.com". defogger gave no error message.

OTL:
OTL logfile:
Code:
OTL logfile created on: 03.12.2012 23:03:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Daniel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,48 Mb Total Physical Memory | 385,05 Mb Available Physical Memory | 75,43% Memory free
1,22 Gb Paging File | 1,05 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 29,22 Gb Free Space | 74,81% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.03 22:58:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
PRC - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2008.04.14 06:52:20 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.04.14 06:52:20 | 000,247,296 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll

========== Services (SafeList) ==========

SRV - [2012.12.02 15:01:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.24 22:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cnnctfy2.sys -- (cnnctfy2MP)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.09.20 22:56:08 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.01.09 05:19:16 | 002,216,064 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2006.07.13 11:33:08 | 000,674,560 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2004.06.21 15:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004.02.24 09:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2004.01.01 23:52:34 | 001,646,720 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51)
DRV - [2001.08.18 04:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.17 12:28:12 | 000,797,500 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSMT.sys -- (TOSHIBASoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VLC\npvlc.dll (VideoLAN)

========== Chrome ==========

CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programme\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2002.08.29 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85B9984C-B09A-4A24-8FFC-79769392A9BC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Daniel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.20 21:06:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.03 22:58:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
[2012.12.03 22:16:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2012.12.03 18:10:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.12.03 18:10:47 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.12.02 14:53:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN6
[2012.12.02 14:53:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\MSN6
[2012.12.02 12:57:07 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2012.12.02 12:57:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2012.12.02 02:15:26 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2012.11.18 01:25:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\Malwarebytes
[2012.11.18 01:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.18 01:25:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.03 23:03:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.03 23:00:44 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\defogger_reenable
[2012.12.03 22:59:29 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\esnpgtqi.exe
[2012.12.03 22:58:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Daniel\Desktop\OTL.exe
[2012.12.03 22:58:25 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Defogger.exe
[2012.12.03 22:16:19 | 000,001,769 | ---- | M] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Google Chrome.lnk
[2012.12.03 22:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.03 16:37:20 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.03 16:37:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.12.03 16:37:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.03 23:00:44 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\defogger_reenable
[2012.12.03 22:59:28 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\esnpgtqi.exe
[2012.12.03 22:58:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Defogger.exe
[2012.12.03 22:16:19 | 000,001,769 | ---- | C] () -- C:\Dokumente und Einstellungen\Daniel\Desktop\Google Chrome.lnk
[2012.12.02 15:01:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.12.02 02:15:32 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.02 02:15:30 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 17:12:50 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.09.21 14:13:45 | 001,646,720 | R--- | C] () -- C:\WINDOWS\System32\drivers\w22n51.sys
[2012.09.21 14:12:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012.09.21 14:12:49 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2012.09.21 14:12:49 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2012.09.20 21:43:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.09.20 21:42:01 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.20 21:32:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.09.20 21:09:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.09.20 21:03:15 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2012.10.23 17:10:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2008.04.14 06:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.21 15:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net
[2012.10.23 17:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Connectify
[2012.12.02 12:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software
[2012.09.20 21:35:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\toshiba
[2012.09.21 00:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Daniel\Anwendungsdaten\WinBatch

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:\WINDOWS\$NtUninstallKB27722$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

Extras:
OTL Extras logfile:
Code:
OTL Extras logfile created on: 03.12.2012 23:03:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Daniel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

510,48 Mb Total Physical Memory | 385,05 Mb Available Physical Memory | 75,43% Memory free
1,22 Gb Paging File | 1,05 Gb Available in Paging File | 85,80% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 29,22 Gb Free Space | 74,81% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url [@ = InternetShortcut] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
InternetShortcut [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2987:TCP" = 2987:TCP:*:Enabled:Connectify File Sharing
"67:UDP" = 67:UDP:*:Enabled:Internet Connection Sharing (DHCP Server-In)
"1317:UDP" = 1317:UDP:*:Enabled:Internet Connection Sharing (DHCP Server-In, DS-Shifted)
"68:UDP" = 68:UDP:*:Enabled:Internet Connection Sharing (DHCPv4-In)
"547:UDP" = 547:UDP:*:Enabled:Internet Connection Sharing (DHCPv6-In)
"53:UDP" = 53:UDP:*:Enabled:Internet Connection Sharing (DNS Server-In)
"1303:UDP" = 1303:UDP:*:Enabled:Internet Connection Sharing (DNS Server-In, DS-Shifted)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.524\Agent.exe:*:Enabled:Blizzard Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1267\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1267\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Connectify\Connectify.exe" = C:\Programme\Connectify\Connectify.exe:*:Enabled:Connectify
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Maxthon3\Bin\MxUp.exe" = C:\Programme\Maxthon3\Bin\MxUp.exe:*:Enabled:MxUp
"C:\Programme\Maxthon3\Bin\Maxthon.exe" = C:\Programme\Maxthon3\Bin\Maxthon.exe:*:Enabled:Maxthon
"C:\Programme\Google\Chrome\Application\chrome.exe" = C:\Programme\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Google Chrome" = Google Chrome
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Toshiba Soft Modem" = Toshiba Soft Modem AMR
"VLC media player" = VLC media player 2.0.3
"Windows XP Service Pack" = Windows XP Service Pack 3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.09.2012 16:58:25 | Computer Name = DANIEL-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2800.1106, fehlgeschlagenes Modul mshtml.dll, Version 6.0.2800.1106, Fehleradresse 0x000a6eb5.

Error - 20.09.2012 19:36:51 | Computer Name = DANIEL-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 6.0.2900.2180, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 28.10.2012 07:06:58 | Computer Name = DANIEL-PC | Source = ConnectifySvc | ID = 0
Description =

[ System Events ]
Error - 03.12.2012 17:51:29 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 17:59:25 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:23 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:23 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:23 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:30 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:31 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:32 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:32 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

Error - 03.12.2012 18:02:35 | Computer Name = DANIEL-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem Fehler beendet: %%127

< End of report >

GMER:
GMER logfile:
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-12-03 23:26:15 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6025GAS rev.KA200K Running: esnpgtqi.exe; Driver: C:\DOKUME~1\Daniel\LOKALE~1\Temp\uwlyrpod.sys ---- Kernel code sections - GMER 1.0.15 ---- init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7EC3900] .Much C:\WINDOWS\System32\DRIVERS\ipsec.sys entry point in ".Much" section [0xB2F83B79] .Gemsm C:\WINDOWS\System32\DRIVERS\ipsec.sys unknown last section [0xB2F8E000, 0x3126, 0x48000040] ? C:\WINDOWS\System32\DRIVERS\ipsec.sys suspicious PE modification ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) B2FCD000-B2FE0000 (77824 bytes) ---- Processes - GMER 1.0.15 ---- Process C:\WINDOWS\system32\svchost.exe (*** hidden *** ) 2060 ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB27722$\248922 0 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369 0 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\Desktop.ini 4608 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\L 0 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\L\00000004.@ 804 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\L\201d3dde 187 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\L\4cce1f70 2044 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\L\qohawlks 75264 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\U 0 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\U\00000004.@ 2048 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\U\00000008.@ 232960 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\U\000000cb.@ 1632 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\U\80000000.@ 11776 bytes File C:\WINDOWS\$NtUninstallKB27722$\2769537369\U\80000032.@ 96256 bytes ---- EOF - GMER 1.0.15 ---- Wäre dankbar für Hilfe. Geändert von hatecore01 (03.12.2012 um 23:57 Uhr) |
04.12.2012, 00:06 | #2
/// Malware-holic | Advertising in all browsers

hi

Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
• Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan. If anything is found, choose Skip for now each time and post the log.
04.12.2012, 00:12 | #3 |
Advertising in all browsers

Code:
00:11:31.0937 0636 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:11:32.0062 0636 ============================================================
00:11:32.0062 0636 Current date / time: 2012/12/04 00:11:32.0062
00:11:32.0062 0636 SystemInfo:
00:11:32.0062 0636
00:11:32.0062 0636 OS Version: 5.1.2600 ServicePack: 3.0
00:11:32.0062 0636 Product type: Workstation
00:11:32.0062 0636 ComputerName: DANIEL-PC
00:11:32.0062 0636 UserName: Daniel
00:11:32.0062 0636 Windows directory: C:\WINDOWS
00:11:32.0062 0636 System windows directory: C:\WINDOWS
00:11:32.0062 0636 Processor architecture: Intel x86
00:11:32.0062 0636 Number of processors: 1
00:11:32.0062 0636 Page size: 0x1000
00:11:32.0062 0636 Boot type: Normal boot
00:11:32.0062 0636 ============================================================
00:11:34.0187 0636 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:11:34.0187 0636 ============================================================
00:11:34.0187 0636 \Device\Harddisk0\DR0:
00:11:34.0187 0636 MBR partitions:
00:11:34.0187 0636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
00:11:34.0203 0636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x4E1EE6A, BlocksNum 0x21A4F55
00:11:34.0203 0636 ============================================================
00:11:34.0250 0636 C: <-> \Device\Harddisk0\DR0\Partition1
00:11:34.0250 0636 ============================================================
00:11:34.0250 0636 Initialize success
00:11:34.0250 0636 ============================================================
00:11:51.0593 2856 ============================================================
00:11:51.0593 2856 Scan started
00:11:51.0593 2856 Mode: Manual; SigCheck; TDLFS;
00:11:51.0593 2856 ============================================================
00:11:52.0062 2856 ================
Scan system memory ======================== 00:11:52.0078 2856 System memory - ok 00:11:52.0078 2856 ================ Scan services ============================= 00:11:52.0187 2856 Abiosdsk - ok 00:11:52.0187 2856 abp480n5 - ok 00:11:52.0250 2856 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 00:11:53.0796 2856 ACPI - ok 00:11:53.0859 2856 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 00:11:54.0046 2856 ACPIEC - ok 00:11:54.0140 2856 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:11:54.0156 2856 AdobeFlashPlayerUpdateSvc - ok 00:11:54.0171 2856 adpu160m - ok 00:11:54.0218 2856 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 00:11:54.0390 2856 aec - ok 00:11:54.0421 2856 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys 00:11:54.0562 2856 AFD - ok 00:11:54.0593 2856 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 00:11:54.0734 2856 agp440 - ok 00:11:54.0750 2856 Aha154x - ok 00:11:54.0750 2856 aic78u2 - ok 00:11:54.0765 2856 aic78xx - ok 00:11:54.0812 2856 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS 00:11:54.0984 2856 ALCXSENS - ok 00:11:55.0031 2856 [ 5FF6F7E58C798F1474C0BBFFC23CB78D ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS 00:11:55.0156 2856 ALCXWDM - ok 00:11:55.0234 2856 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 00:11:55.0375 2856 Alerter - ok 00:11:55.0406 2856 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 00:11:55.0546 2856 ALG - ok 00:11:55.0546 2856 AliIde - ok 00:11:55.0578 2856 amsint - ok 00:11:55.0625 2856 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 00:11:55.0781 2856 AppMgmt - ok 00:11:55.0812 2856 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 
C:\WINDOWS\system32\DRIVERS\arp1394.sys 00:11:55.0953 2856 Arp1394 - ok 00:11:55.0953 2856 asc - ok 00:11:55.0968 2856 asc3350p - ok 00:11:55.0968 2856 asc3550 - ok 00:11:56.0062 2856 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 00:11:56.0078 2856 aspnet_state - ok 00:11:56.0109 2856 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 00:11:56.0234 2856 AsyncMac - ok 00:11:56.0265 2856 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 00:11:56.0406 2856 atapi - ok 00:11:56.0406 2856 Atdisk - ok 00:11:56.0468 2856 [ 5CCA7DF290D82D1048F217E3C6272384 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 00:11:56.0562 2856 Ati HotKey Poller - ok 00:11:56.0640 2856 [ 5E3603E9FBA29E01F5FFC108276B3005 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 00:11:56.0718 2856 ati2mtag - ok 00:11:56.0765 2856 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 00:11:56.0906 2856 Atmarpc - ok 00:11:56.0953 2856 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 00:11:57.0093 2856 AudioSrv - ok 00:11:57.0156 2856 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 00:11:57.0296 2856 audstub - ok 00:11:57.0343 2856 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 00:11:57.0484 2856 Beep - ok 00:11:57.0515 2856 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 00:11:57.0656 2856 Browser - ok 00:11:57.0718 2856 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 00:11:57.0859 2856 cbidf2k - ok 00:11:57.0875 2856 cd20xrnt - ok 00:11:57.0875 2856 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 00:11:58.0015 2856 Cdaudio - ok 00:11:58.0078 2856 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 00:11:58.0250 
2856 Cdfs - ok 00:11:58.0265 2856 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 00:11:58.0437 2856 Cdrom - ok 00:11:58.0437 2856 Changer - ok 00:11:58.0515 2856 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 00:11:58.0656 2856 CiSvc - ok 00:11:58.0671 2856 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 00:11:58.0781 2856 ClipSrv - ok 00:11:58.0875 2856 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:11:58.0921 2856 clr_optimization_v2.0.50727_32 - ok 00:11:58.0984 2856 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 00:11:59.0140 2856 CmBatt - ok 00:11:59.0156 2856 CmdIde - ok 00:11:59.0156 2856 cnnctfy2MP - ok 00:11:59.0218 2856 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 00:11:59.0375 2856 Compbatt - ok 00:11:59.0390 2856 COMSysApp - ok 00:11:59.0406 2856 Cpqarray - ok 00:11:59.0453 2856 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 00:11:59.0609 2856 CryptSvc - ok 00:11:59.0625 2856 dac2w2k - ok 00:11:59.0625 2856 dac960nt - ok 00:11:59.0828 2856 [ E970C2296916BF4A2F958680016FE312 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 00:12:00.0109 2856 DcomLaunch - ok 00:12:00.0203 2856 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 00:12:00.0343 2856 Dhcp - ok 00:12:00.0390 2856 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 00:12:00.0546 2856 Disk - ok 00:12:00.0546 2856 dmadmin - ok 00:12:00.0812 2856 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 00:12:01.0000 2856 dmboot - ok 00:12:01.0031 2856 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 00:12:01.0171 2856 dmio - ok 00:12:01.0203 2856 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload 
C:\WINDOWS\system32\drivers\dmload.sys 00:12:01.0343 2856 dmload - ok 00:12:01.0375 2856 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 00:12:01.0500 2856 dmserver - ok 00:12:01.0546 2856 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 00:12:01.0671 2856 DMusic - ok 00:12:01.0703 2856 [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 00:12:01.0828 2856 Dnscache - ok 00:12:01.0890 2856 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 00:12:02.0015 2856 Dot3svc - ok 00:12:02.0031 2856 dpti2o - ok 00:12:02.0062 2856 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 00:12:02.0203 2856 drmkaud - ok 00:12:02.0218 2856 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 00:12:02.0359 2856 EapHost - ok 00:12:02.0359 2856 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 00:12:02.0500 2856 ERSvc - ok 00:12:02.0546 2856 [ 4BB6A83640F1D1792AD21CE767B621C6 ] Eventlog C:\WINDOWS\system32\services.exe 00:12:02.0687 2856 Eventlog - ok 00:12:02.0765 2856 [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C ] EventSystem C:\WINDOWS\System32\es.dll 00:12:02.0906 2856 EventSystem - ok 00:12:02.0984 2856 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 00:12:03.0109 2856 Fastfat - ok 00:12:03.0156 2856 [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 00:12:03.0281 2856 FastUserSwitchingCompatibility - ok 00:12:03.0312 2856 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 00:12:03.0437 2856 Fdc - ok 00:12:03.0468 2856 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 00:12:03.0593 2856 Fips - ok 00:12:03.0593 2856 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 00:12:03.0734 2856 Flpydisk - ok 00:12:03.0781 2856 [ 
B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 00:12:03.0906 2856 FltMgr - ok 00:12:04.0000 2856 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 00:12:04.0015 2856 FontCache3.0.0.0 - ok 00:12:04.0015 2856 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 00:12:04.0156 2856 Fs_Rec - ok 00:12:04.0171 2856 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 00:12:04.0312 2856 Ftdisk - ok 00:12:04.0375 2856 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 00:12:04.0500 2856 Gpc - ok 00:12:04.0625 2856 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 00:12:04.0640 2856 gupdate - ok 00:12:04.0640 2856 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 00:12:04.0656 2856 gupdatem - ok 00:12:04.0750 2856 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 00:12:04.0875 2856 helpsvc - ok 00:12:04.0890 2856 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 00:12:05.0031 2856 HidServ - ok 00:12:05.0062 2856 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 00:12:05.0187 2856 HidUsb - ok 00:12:05.0234 2856 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 00:12:05.0359 2856 hkmsvc - ok 00:12:05.0375 2856 hpn - ok 00:12:05.0437 2856 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 00:12:05.0593 2856 HTTP - ok 00:12:05.0640 2856 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 00:12:05.0781 2856 HTTPFilter - ok 00:12:05.0781 2856 i2omgmt - ok 00:12:05.0796 2856 i2omp - ok 00:12:05.0828 2856 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 00:12:05.0968 2856 i8042prt - ok 
00:12:06.0046 2856 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 00:12:06.0062 2856 IDriverT ( UnsignedFile.Multi.Generic ) - warning 00:12:06.0062 2856 IDriverT - detected UnsignedFile.Multi.Generic (1) 00:12:06.0187 2856 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:12:06.0234 2856 idsvc - ok 00:12:06.0281 2856 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 00:12:06.0390 2856 Imapi - ok 00:12:06.0437 2856 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe 00:12:06.0578 2856 ImapiService - ok 00:12:06.0593 2856 ini910u - ok 00:12:06.0625 2856 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 00:12:06.0765 2856 IntelIde - ok 00:12:06.0796 2856 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 00:12:06.0921 2856 intelppm - ok 00:12:06.0937 2856 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 00:12:07.0062 2856 ip6fw - ok 00:12:07.0109 2856 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 00:12:07.0234 2856 IpFilterDriver - ok 00:12:07.0265 2856 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 00:12:07.0390 2856 IpInIp - ok 00:12:07.0421 2856 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 00:12:07.0531 2856 IpNat - ok 00:12:07.0562 2856 [ F44C2C07F3E465F441F890EC104B8CA7 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 00:12:07.0562 2856 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. 
Real md5: F44C2C07F3E465F441F890EC104B8CA7, Fake md5: 23C74D75E36E7158768DD63D92789A91 00:12:07.0562 2856 IPSec ( Virus.Win32.ZAccess.aml ) - infected 00:12:07.0562 2856 IPSec - detected Virus.Win32.ZAccess.aml (0) 00:12:07.0593 2856 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys 00:12:07.0718 2856 irda - ok 00:12:07.0750 2856 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 00:12:07.0875 2856 IRENUM - ok 00:12:07.0906 2856 [ 2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll 00:12:08.0046 2856 Irmon - ok 00:12:08.0062 2856 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 00:12:08.0203 2856 isapnp - ok 00:12:08.0281 2856 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 00:12:08.0296 2856 JavaQuickStarterService - ok 00:12:08.0343 2856 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 00:12:08.0468 2856 Kbdclass - ok 00:12:08.0484 2856 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 00:12:08.0609 2856 kbdhid - ok 00:12:08.0640 2856 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 00:12:08.0765 2856 kmixer - ok 00:12:08.0812 2856 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 00:12:08.0921 2856 KSecDD - ok 00:12:08.0953 2856 [ D6EB4916B203CBE525F8EFF5FD5AB16C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 00:12:09.0093 2856 lanmanserver - ok 00:12:09.0125 2856 [ C0DB1E9367681ECD7ECCA9615C1D0F9B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 00:12:09.0265 2856 lanmanworkstation - ok 00:12:09.0265 2856 lbrtfdc - ok 00:12:09.0296 2856 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 00:12:09.0437 2856 LmHosts - ok 00:12:09.0453 2856 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 00:12:09.0562 2856 Messenger 
- ok 00:12:09.0609 2856 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 00:12:09.0734 2856 mnmdd - ok 00:12:09.0781 2856 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 00:12:09.0890 2856 mnmsrvc - ok 00:12:09.0906 2856 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 00:12:10.0031 2856 Modem - ok 00:12:10.0062 2856 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 00:12:10.0171 2856 Mouclass - ok 00:12:10.0203 2856 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 00:12:10.0359 2856 mouhid - ok 00:12:10.0390 2856 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 00:12:10.0531 2856 MountMgr - ok 00:12:10.0531 2856 mraid35x - ok 00:12:10.0562 2856 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 00:12:10.0687 2856 MRxDAV - ok 00:12:10.0750 2856 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 00:12:10.0921 2856 MRxSmb - ok 00:12:10.0937 2856 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 00:12:11.0062 2856 MSDTC - ok 00:12:11.0078 2856 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 00:12:11.0187 2856 Msfs - ok 00:12:11.0203 2856 MSIServer - ok 00:12:11.0218 2856 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 00:12:11.0343 2856 MSKSSRV - ok 00:12:11.0375 2856 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 00:12:11.0500 2856 MSPCLOCK - ok 00:12:11.0531 2856 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 00:12:11.0656 2856 MSPQM - ok 00:12:11.0671 2856 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 00:12:11.0812 2856 mssmbios - ok 00:12:11.0875 2856 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup 
C:\WINDOWS\system32\drivers\Mup.sys 00:12:11.0984 2856 Mup - ok 00:12:12.0031 2856 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 00:12:12.0156 2856 napagent - ok 00:12:12.0203 2856 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 00:12:12.0328 2856 NDIS - ok 00:12:12.0375 2856 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 00:12:12.0500 2856 NdisTapi - ok 00:12:12.0531 2856 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 00:12:12.0656 2856 Ndisuio - ok 00:12:12.0671 2856 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 00:12:12.0796 2856 NdisWan - ok 00:12:12.0796 2856 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 00:12:12.0937 2856 NDProxy - ok 00:12:12.0937 2856 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 00:12:13.0078 2856 NetBIOS - ok 00:12:13.0109 2856 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 00:12:13.0250 2856 NetBT - ok 00:12:13.0296 2856 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 00:12:13.0437 2856 NetDDE - ok 00:12:13.0437 2856 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 00:12:13.0546 2856 NetDDEdsdm - ok 00:12:13.0593 2856 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe 00:12:13.0703 2856 Netlogon - ok 00:12:13.0718 2856 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 00:12:13.0859 2856 Netman - ok 00:12:13.0953 2856 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:12:13.0968 2856 NetTcpPortSharing - ok 00:12:14.0000 2856 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 00:12:14.0140 2856 NIC1394 - ok 00:12:14.0203 
2856 [ F12B9D9A069331877D006CC81B4735F9 ] Nla C:\WINDOWS\System32\mswsock.dll 00:12:14.0375 2856 Nla - ok 00:12:14.0406 2856 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 00:12:14.0531 2856 Npfs - ok 00:12:14.0593 2856 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 00:12:14.0765 2856 Ntfs - ok 00:12:14.0796 2856 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 00:12:14.0906 2856 NtLmSsp - ok 00:12:14.0984 2856 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 00:12:15.0156 2856 NtmsSvc - ok 00:12:15.0171 2856 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 00:12:15.0296 2856 Null - ok 00:12:15.0312 2856 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 00:12:15.0468 2856 NwlnkFlt - ok 00:12:15.0468 2856 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 00:12:15.0593 2856 NwlnkFwd - ok 00:12:15.0625 2856 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 00:12:15.0750 2856 ohci1394 - ok 00:12:15.0765 2856 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 00:12:15.0890 2856 Parport - ok 00:12:15.0906 2856 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 00:12:16.0046 2856 PartMgr - ok 00:12:16.0093 2856 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 00:12:16.0218 2856 ParVdm - ok 00:12:16.0250 2856 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 00:12:16.0375 2856 PCI - ok 00:12:16.0390 2856 PCIDump - ok 00:12:16.0421 2856 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 00:12:16.0546 2856 PCIIde - ok 00:12:16.0562 2856 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 00:12:16.0671 2856 Pcmcia - ok 00:12:16.0671 
2856 PDCOMP - ok 00:12:16.0687 2856 PDFRAME - ok 00:12:16.0687 2856 PDRELI - ok 00:12:16.0703 2856 PDRFRAME - ok 00:12:16.0703 2856 perc2 - ok 00:12:16.0718 2856 perc2hib - ok 00:12:16.0765 2856 [ 4BB6A83640F1D1792AD21CE767B621C6 ] PlugPlay C:\WINDOWS\system32\services.exe 00:12:16.0890 2856 PlugPlay - ok 00:12:16.0906 2856 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe 00:12:17.0015 2856 PolicyAgent - ok 00:12:17.0046 2856 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 00:12:17.0171 2856 PptpMiniport - ok 00:12:17.0203 2856 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 00:12:17.0312 2856 Processor - ok 00:12:17.0328 2856 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 00:12:17.0437 2856 ProtectedStorage - ok 00:12:17.0453 2856 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 00:12:17.0593 2856 PSched - ok 00:12:17.0609 2856 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 00:12:17.0734 2856 Ptilink - ok 00:12:17.0734 2856 ql1080 - ok 00:12:17.0750 2856 Ql10wnt - ok 00:12:17.0750 2856 ql12160 - ok 00:12:17.0765 2856 ql1240 - ok 00:12:17.0765 2856 ql1280 - ok 00:12:17.0796 2856 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 00:12:17.0937 2856 RasAcd - ok 00:12:18.0000 2856 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 00:12:18.0125 2856 RasAuto - ok 00:12:18.0171 2856 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys 00:12:18.0250 2856 Rasirda - ok 00:12:18.0265 2856 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 00:12:18.0390 2856 Rasl2tp - ok 00:12:18.0437 2856 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 00:12:18.0562 2856 RasMan - ok 00:12:18.0640 2856 [ 
5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 00:12:18.0765 2856 RasPppoe - ok 00:12:18.0796 2856 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 00:12:18.0921 2856 Raspti - ok 00:12:18.0937 2856 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 00:12:19.0046 2856 Rdbss - ok 00:12:19.0062 2856 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 00:12:19.0203 2856 RDPCDD - ok 00:12:19.0218 2856 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 00:12:19.0359 2856 rdpdr - ok 00:12:19.0421 2856 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 00:12:19.0546 2856 RDPWD - ok 00:12:19.0578 2856 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 00:12:19.0718 2856 RDSessMgr - ok 00:12:19.0734 2856 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 00:12:19.0859 2856 redbook - ok 00:12:19.0906 2856 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 00:12:20.0031 2856 RemoteAccess - ok 00:12:20.0078 2856 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 00:12:20.0187 2856 RemoteRegistry - ok 00:12:20.0187 2856 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe 00:12:20.0343 2856 RpcLocator - ok 00:12:20.0390 2856 [ E970C2296916BF4A2F958680016FE312 ] RpcSs C:\WINDOWS\system32\rpcss.dll 00:12:20.0546 2856 RpcSs - ok 00:12:20.0593 2856 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe 00:12:20.0750 2856 RSVP - ok 00:12:20.0781 2856 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 00:12:20.0890 2856 rtl8139 - ok 00:12:20.0921 2856 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 00:12:21.0031 2856 SamSs - ok 00:12:21.0046 2856 [ 
DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 00:12:21.0187 2856 SCardSvr - ok 00:12:21.0234 2856 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 00:12:21.0359 2856 Schedule - ok 00:12:21.0421 2856 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 00:12:21.0546 2856 sdbus - ok 00:12:21.0578 2856 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 00:12:21.0703 2856 Secdrv - ok 00:12:21.0734 2856 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 00:12:21.0859 2856 seclogon - ok 00:12:21.0890 2856 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 00:12:22.0031 2856 SENS - ok 00:12:22.0046 2856 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 00:12:22.0187 2856 Serial - ok 00:12:22.0234 2856 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 00:12:22.0375 2856 Sfloppy - ok 00:12:22.0453 2856 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 00:12:22.0609 2856 SharedAccess - ok 00:12:22.0656 2856 [ 40602EBFBE06AA075C8E4560743F6883 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 00:12:22.0796 2856 ShellHWDetection - ok 00:12:22.0796 2856 Simbad - ok 00:12:22.0859 2856 [ D03A4CDB1B089E3F6C23501339506E5E ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys 00:12:22.0937 2856 SMCIRDA - ok 00:12:22.0937 2856 Sparrow - ok 00:12:22.0984 2856 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 00:12:23.0109 2856 splitter - ok 00:12:23.0156 2856 [ 39356A9CDB6753A6D13A4072A9F5A4BB ] Spooler C:\WINDOWS\system32\spoolsv.exe 00:12:23.0296 2856 Spooler - ok 00:12:23.0328 2856 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 00:12:23.0453 2856 sr - ok 00:12:23.0500 2856 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll 
00:12:23.0625 2856 srservice - ok 00:12:23.0687 2856 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 00:12:23.0843 2856 Srv - ok 00:12:23.0875 2856 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 00:12:24.0015 2856 SSDPSRV - ok 00:12:24.0078 2856 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 00:12:24.0203 2856 stisvc - ok 00:12:24.0234 2856 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 00:12:24.0343 2856 swenum - ok 00:12:24.0375 2856 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 00:12:24.0515 2856 swmidi - ok 00:12:24.0515 2856 SwPrv - ok 00:12:24.0531 2856 symc810 - ok 00:12:24.0531 2856 symc8xx - ok 00:12:24.0546 2856 sym_hi - ok 00:12:24.0546 2856 sym_u3 - ok 00:12:24.0578 2856 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 00:12:24.0703 2856 sysaudio - ok 00:12:24.0734 2856 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 00:12:24.0875 2856 SysmonLog - ok 00:12:24.0921 2856 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 00:12:25.0046 2856 TapiSrv - ok 00:12:25.0093 2856 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 00:12:25.0218 2856 Tcpip - ok 00:12:25.0265 2856 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 00:12:25.0390 2856 TDPIPE - ok 00:12:25.0406 2856 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 00:12:25.0546 2856 TDTCP - ok 00:12:25.0562 2856 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 00:12:25.0703 2856 TermDD - ok 00:12:25.0765 2856 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 00:12:25.0890 2856 TermService - ok 00:12:25.0937 2856 [ 40602EBFBE06AA075C8E4560743F6883 ] Themes C:\WINDOWS\System32\shsvcs.dll 
00:12:26.0046 2856 Themes - ok 00:12:26.0093 2856 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe 00:12:26.0234 2856 TlntSvr - ok 00:12:26.0312 2856 [ E088EE80DD64A7106FBDDC5498CFED2F ] TOSHIBASoftModem C:\WINDOWS\system32\DRIVERS\LTSMT.sys 00:12:26.0531 2856 TOSHIBASoftModem - ok 00:12:26.0546 2856 TosIde - ok 00:12:26.0578 2856 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 00:12:26.0703 2856 TrkWks - ok 00:12:26.0750 2856 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 00:12:26.0875 2856 Udfs - ok 00:12:26.0875 2856 ultra - ok 00:12:26.0937 2856 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 00:12:27.0093 2856 Update - ok 00:12:27.0140 2856 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 00:12:27.0281 2856 upnphost - ok 00:12:27.0296 2856 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 00:12:27.0437 2856 UPS - ok 00:12:27.0453 2856 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 00:12:27.0562 2856 usbccgp - ok 00:12:27.0578 2856 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 00:12:27.0703 2856 usbehci - ok 00:12:27.0718 2856 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 00:12:27.0843 2856 usbhub - ok 00:12:27.0859 2856 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys 00:12:28.0000 2856 usbohci - ok 00:12:28.0000 2856 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 00:12:28.0109 2856 usbscan - ok 00:12:28.0140 2856 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 00:12:28.0250 2856 USBSTOR - ok 00:12:28.0312 2856 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 00:12:28.0468 2856 usbuhci - ok 00:12:28.0484 2856 [ 
0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 00:12:28.0609 2856 VgaSave - ok 00:12:28.0609 2856 ViaIde - ok 00:12:28.0640 2856 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 00:12:28.0781 2856 VolSnap - ok 00:12:28.0890 2856 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 00:12:29.0015 2856 VSS - ok 00:12:29.0125 2856 [ 4C009D4352849D79BF347846B6E03BFD ] w22n51 C:\WINDOWS\system32\DRIVERS\w22n51.sys 00:12:29.0140 2856 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\w22n51.sys. Real md5: 4C009D4352849D79BF347846B6E03BFD, Fake md5: 4B4FCF70C38A54049207F8A13C0DFE22 00:12:29.0156 2856 w22n51 ( ForgedFile.Multi.Generic ) - warning 00:12:29.0156 2856 w22n51 - detected ForgedFile.Multi.Generic (1) 00:12:29.0328 2856 [ EFFAB2168B92025BF9A028461E029687 ] w29n51 C:\WINDOWS\system32\DRIVERS\w29n51.sys 00:12:29.0515 2856 w29n51 ( UnsignedFile.Multi.Generic ) - warning 00:12:29.0515 2856 w29n51 - detected UnsignedFile.Multi.Generic (1) 00:12:29.0578 2856 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll 00:12:29.0718 2856 W32Time - ok 00:12:29.0796 2856 [ 8E5CF571C00C806ED7C08DBB74356646 ] w70n51 C:\WINDOWS\system32\DRIVERS\w70n51.sys 00:12:29.0890 2856 w70n51 - ok 00:12:29.0937 2856 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 00:12:30.0078 2856 Wanarp - ok 00:12:30.0078 2856 WDICA - ok 00:12:30.0109 2856 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 00:12:30.0234 2856 wdmaud - ok 00:12:30.0265 2856 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 00:12:30.0406 2856 WebClient - ok 00:12:30.0468 2856 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 00:12:30.0593 2856 winmgmt - ok 00:12:30.0656 2856 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 00:12:30.0781 2856 WmdmPmSN - ok 
00:12:31.0031 2856 [ 53E1CCF332A2F40B5E08476921CD8B44 ] Wmi C:\WINDOWS\System32\advapi32.dll 00:12:31.0296 2856 Wmi - ok 00:12:31.0375 2856 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe 00:12:31.0531 2856 WmiApSrv - ok 00:12:31.0593 2856 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 00:12:31.0750 2856 wscsvc - ok 00:12:31.0937 2856 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 00:12:32.0125 2856 WZCSVC - ok 00:12:32.0218 2856 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 00:12:32.0375 2856 xmlprov - ok 00:12:32.0390 2856 ================ Scan global =============================== 00:12:32.0421 2856 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 00:12:32.0625 2856 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll 00:12:32.0687 2856 [ 4CD408F799D4A72B0DE1F1116A77A48E ] C:\WINDOWS\system32\winsrv.dll 00:12:32.0734 2856 [ 4BB6A83640F1D1792AD21CE767B621C6 ] C:\WINDOWS\system32\services.exe 00:12:32.0734 2856 [Global] - ok 00:12:32.0734 2856 ================ Scan MBR ================================== 00:12:32.0781 2856 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 00:12:33.0468 2856 \Device\Harddisk0\DR0 - ok 00:12:33.0468 2856 ================ Scan VBR ================================== 00:12:33.0484 2856 [ 72473036F14B8254E9C889753464D1DF ] \Device\Harddisk0\DR0\Partition1 00:12:33.0484 2856 \Device\Harddisk0\DR0\Partition1 - ok 00:12:33.0484 2856 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2 00:12:33.0484 2856 \Device\Harddisk0\DR0\Partition2 - ok 00:12:33.0484 2856 ============================================================ 00:12:33.0484 2856 Scan finished 00:12:33.0484 2856 ============================================================ 00:12:33.0593 3836 Detected object count: 4 00:12:33.0593 3836 Actual detected object count: 4 00:12:44.0093 3836 IDriverT ( 
UnsignedFile.Multi.Generic ) - skipped by user 00:12:44.0093 3836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:12:44.0093 3836 IPSec ( Virus.Win32.ZAccess.aml ) - skipped by user 00:12:44.0093 3836 IPSec ( Virus.Win32.ZAccess.aml ) - User select action: Skip 00:12:44.0093 3836 w22n51 ( ForgedFile.Multi.Generic ) - skipped by user 00:12:44.0093 3836 w22n51 ( ForgedFile.Multi.Generic ) - User select action: Skip 00:12:44.0093 3836 w29n51 ( UnsignedFile.Multi.Generic ) - skipped by user 00:12:44.0093 3836 w29n51 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
04.12.2012, 00:27 | #4 |
/// Malware-holic | Ads in all browsers For this finding: ZAccess, choose repair, or rather the action suggested by TDSSKiller. Configure as described above.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
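The TDSSKiller log above ends with four objects the tool flagged and the user left on "Skip", which is why the helper asks for the repair action and a fresh log afterwards. The following is an added example, not code from the thread or from Kaspersky's TDSSKiller: a small Python triage script that parses the log lines in the format shown in this thread, separates signature hits (such as Virus.Win32.ZAccess.aml) from the generic UnsignedFile/ForgedFile heuristics, pairs a forged file's "Real md5" and "Fake md5" (two different hashes for the same path), lists what the user skipped, and compares a first scan with a rescan. The line shapes and most hashes are copied from the posted log; the IPSec hash, its "infected"/"(0)" status lines and the rescan sample are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Line shapes follow the TDSSKiller 2.8.x logs in this thread. Object names can contain
# spaces ("Ati HotKey Poller"), so the path part is anchored on a drive letter.
_TS = r"\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
RE_ENTRY = re.compile(_TS + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
RE_FORGED = re.compile(_TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: "
                       r"(?P<real>[0-9A-F]{32}), Fake md5: (?P<fake>[0-9A-F]{32})$")
RE_VERDICT = re.compile(_TS + r"(?P<name>.+?) \( (?P<det>[^)]+) \) - (?P<status>.+)$")
RE_DETECTED = re.compile(_TS + r"(?P<name>.+?) - detected (?P<det>\S+) \((?P<tag>\d+)\)$")
RE_OK = re.compile(_TS + r"(?P<name>.+?) - ok$")
GENERIC = ("UnsignedFile.", "ForgedFile.")  # heuristics, not malware signatures

@dataclass
class Finding:
    name: str
    detection: str
    path: Optional[str] = None
    md5: Optional[str] = None       # hash TDSSKiller computed from the file it read
    fake_md5: Optional[str] = None  # second hash reported for the same path (forged-file case)
    tag: Optional[int] = None       # the "(n)" TDSSKiller prints after "detected"; kept, not interpreted
    statuses: List[str] = field(default_factory=list)
    user_action: Optional[str] = None

@dataclass
class ScanResult:
    findings: Dict[str, Finding] = field(default_factory=dict)
    clean: Set[str] = field(default_factory=set)  # objects whose verdict was "- ok"

def parse_tdsskiller(text: str) -> ScanResult:
    """Reduce a TDSSKiller log to per-object findings plus the set of clean objects."""
    res, entries, forged = ScanResult(), {}, {}
    for line in text.splitlines():
        if m := RE_ENTRY.match(line):
            entries[m["name"]] = (m["md5"], m["path"])
        elif m := RE_FORGED.match(line):
            forged[m["path"]] = m["fake"]
        elif m := RE_VERDICT.match(line):
            f = res.findings.setdefault(m["name"], Finding(m["name"], m["det"]))
            if m["status"].startswith("User select action: "):
                f.user_action = m["status"].split(": ", 1)[1]
            else:
                f.statuses.append(m["status"])
        elif m := RE_DETECTED.match(line):
            f = res.findings.setdefault(m["name"], Finding(m["name"], m["det"]))
            f.tag = int(m["tag"])
        elif m := RE_OK.match(line):
            res.clean.add(m["name"])
    for f in res.findings.values():          # attach hash and path from the scan entry
        if f.name in entries:
            f.md5, f.path = entries[f.name]
            f.fake_md5 = forged.get(f.path)
    return res

def signature_hits(scan: ScanResult) -> List[str]:
    """Objects flagged by a malware signature (e.g. ZAccess) rather than a generic heuristic."""
    return [n for n, f in scan.findings.items() if not f.detection.startswith(GENERIC)]

def skipped(scan: ScanResult) -> List[str]:
    """Objects the user chose to skip when prompted; nothing on disk was changed for these."""
    return sorted(n for n, f in scan.findings.items() if f.user_action == "Skip")

def compare_scans(before: ScanResult, after: ScanResult) -> Tuple[List[str], List[str]]:
    """Split the first scan's findings into (clean on rescan, still flagged on rescan)."""
    flagged = set(before.findings)
    return sorted(flagged & after.clean), sorted(flagged & set(after.findings))

# Constructed sample in the thread's log format (the IPSec hash and its status lines are made up).
BEFORE_LOG = r"""
00:12:12.0640 2856 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:12:12.0640 2856 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:12:12.0640 2856 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:12:14.0109 2856 [ 0123456789ABCDEF0123456789ABCDEF ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:12:14.0234 2856 IPSec ( Virus.Win32.ZAccess.aml ) - infected
00:12:14.0234 2856 IPSec - detected Virus.Win32.ZAccess.aml (0)
00:12:29.0125 2856 [ 4C009D4352849D79BF347846B6E03BFD ] w22n51 C:\WINDOWS\system32\DRIVERS\w22n51.sys
00:12:29.0140 2856 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\w22n51.sys. Real md5: 4C009D4352849D79BF347846B6E03BFD, Fake md5: 4B4FCF70C38A54049207F8A13C0DFE22
00:12:29.0156 2856 w22n51 ( ForgedFile.Multi.Generic ) - warning
00:12:29.0156 2856 w22n51 - detected ForgedFile.Multi.Generic (1)
00:12:29.0718 2856 W32Time - ok
00:12:44.0093 3836 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:12:44.0093 3836 IPSec ( Virus.Win32.ZAccess.aml ) - User select action: Skip
00:12:44.0093 3836 w22n51 ( ForgedFile.Multi.Generic ) - User select action: Skip
"""
# Constructed rescan: IDriverT still unsigned, IPSec now reported clean.
AFTER_LOG = r"""
00:50:12.0640 2524 IDriverT ( UnsignedFile.Multi.Generic ) - warning
00:50:12.0640 2524 IDriverT - detected UnsignedFile.Multi.Generic (1)
00:50:14.0109 2524 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:50:14.0234 2524 IPSec - ok
"""

if __name__ == "__main__":
    b, a = parse_tdsskiller(BEFORE_LOG), parse_tdsskiller(AFTER_LOG)
    print("signature hits:", signature_hits(b), "| skipped:", skipped(b))
    print("clean on rescan / still flagged:", compare_scans(b, a))
```

On a real log, pass the file contents to `parse_tdsskiller` and look at `signature_hits` first: a generic UnsignedFile warning on a vendor installer service is noise until proven otherwise, while a signature hit on a core driver like ipsec.sys is the item the "repair" action is meant for. `skipped` makes the point of the helper's instruction explicit: "User select action: Skip" means the object is still exactly as it was, so a rescan after a plain reboot will show the same finding.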
04.12.2012, 00:31 | #5 |
| Ads in all browsers Okay, and what next? |
04.12.2012, 00:34 | #6 |
/// Malware-holic | Ads in all browsers Do you use the PC for online banking, shopping, other payment processing, or anything similarly important, such as work?
04.12.2012, 00:37 | #7 |
| Ads in all browsers No, exclusively for listening to music or watching videos. As a precaution I have stopped using Facebook (the password was not saved). |
04.12.2012, 00:46 | #8 |
/// Malware-holic | Ads in all browsers OK, reboot, create a new TDSSKiller log and post it
04.12.2012, 00:51 | #9 |
| Ads in all browsers Code:
ATTFilter 00:49:51.0781 2500 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 00:49:52.0000 2500 ============================================================ 00:49:52.0000 2500 Current date / time: 2012/12/04 00:49:52.0000 00:49:52.0000 2500 SystemInfo: 00:49:52.0000 2500 00:49:52.0000 2500 OS Version: 5.1.2600 ServicePack: 3.0 00:49:52.0000 2500 Product type: Workstation 00:49:52.0000 2500 ComputerName: DANIEL-PC 00:49:52.0000 2500 UserName: Daniel 00:49:52.0000 2500 Windows directory: C:\WINDOWS 00:49:52.0000 2500 System windows directory: C:\WINDOWS 00:49:52.0000 2500 Processor architecture: Intel x86 00:49:52.0000 2500 Number of processors: 1 00:49:52.0000 2500 Page size: 0x1000 00:49:52.0000 2500 Boot type: Normal boot 00:49:52.0000 2500 ============================================================ 00:49:53.0343 2500 BG loaded 00:49:53.0625 2500 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 00:49:53.0625 2500 ============================================================ 00:49:53.0625 2500 \Device\Harddisk0\DR0: 00:49:53.0625 2500 MBR partitions: 00:49:53.0625 2500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC 00:49:53.0656 2500 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x4E1EE6A, BlocksNum 0x21A4F55 00:49:53.0656 2500 ============================================================ 00:49:53.0687 2500 C: <-> \Device\Harddisk0\DR0\Partition1 00:49:53.0687 2500 ============================================================ 00:49:53.0687 2500 Initialize success 00:49:53.0687 2500 ============================================================ 00:49:57.0578 2524 ============================================================ 00:49:57.0578 2524 Scan started 00:49:57.0578 2524 Mode: Manual; SigCheck; TDLFS; 00:49:57.0578 2524 ============================================================ 
00:49:59.0250 2524 ================ Scan system memory ======================== 00:49:59.0250 2524 System memory - ok 00:49:59.0250 2524 ================ Scan services ============================= 00:49:59.0390 2524 Abiosdsk - ok 00:49:59.0390 2524 abp480n5 - ok 00:49:59.0453 2524 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 00:50:01.0671 2524 ACPI - ok 00:50:01.0718 2524 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 00:50:01.0890 2524 ACPIEC - ok 00:50:01.0984 2524 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 00:50:02.0000 2524 AdobeFlashPlayerUpdateSvc - ok 00:50:02.0000 2524 adpu160m - ok 00:50:02.0046 2524 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 00:50:02.0187 2524 aec - ok 00:50:02.0234 2524 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys 00:50:02.0375 2524 AFD - ok 00:50:02.0390 2524 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 00:50:02.0515 2524 agp440 - ok 00:50:02.0515 2524 Aha154x - ok 00:50:02.0531 2524 aic78u2 - ok 00:50:02.0531 2524 aic78xx - ok 00:50:02.0593 2524 [ BA88534A3CEB6161E7432438B9EA4F54 ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS 00:50:02.0718 2524 ALCXSENS - ok 00:50:02.0781 2524 [ 5FF6F7E58C798F1474C0BBFFC23CB78D ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS 00:50:02.0921 2524 ALCXWDM - ok 00:50:02.0953 2524 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 00:50:03.0078 2524 Alerter - ok 00:50:03.0109 2524 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 00:50:03.0250 2524 ALG - ok 00:50:03.0265 2524 AliIde - ok 00:50:03.0265 2524 amsint - ok 00:50:03.0312 2524 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 00:50:03.0453 2524 AppMgmt - ok 00:50:03.0484 2524 [ B5B8A80875C1DEDEDA8B02765642C32F ] 
Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 00:50:03.0625 2524 Arp1394 - ok 00:50:03.0625 2524 asc - ok 00:50:03.0625 2524 asc3350p - ok 00:50:03.0640 2524 asc3550 - ok 00:50:03.0734 2524 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 00:50:03.0750 2524 aspnet_state - ok 00:50:03.0781 2524 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 00:50:03.0890 2524 AsyncMac - ok 00:50:03.0937 2524 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 00:50:04.0062 2524 atapi - ok 00:50:04.0062 2524 Atdisk - ok 00:50:04.0140 2524 [ 5CCA7DF290D82D1048F217E3C6272384 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe 00:50:04.0218 2524 Ati HotKey Poller - ok 00:50:04.0281 2524 [ 5E3603E9FBA29E01F5FFC108276B3005 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 00:50:04.0359 2524 ati2mtag - ok 00:50:04.0390 2524 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 00:50:04.0515 2524 Atmarpc - ok 00:50:04.0578 2524 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 00:50:04.0734 2524 AudioSrv - ok 00:50:04.0765 2524 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 00:50:04.0906 2524 audstub - ok 00:50:04.0937 2524 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 00:50:05.0062 2524 Beep - ok 00:50:05.0093 2524 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll 00:50:05.0234 2524 Browser - ok 00:50:05.0281 2524 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 00:50:05.0421 2524 cbidf2k - ok 00:50:05.0437 2524 cd20xrnt - ok 00:50:05.0437 2524 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 00:50:05.0578 2524 Cdaudio - ok 00:50:05.0625 2524 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 
00:50:05.0781 2524 Cdfs - ok 00:50:05.0812 2524 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 00:50:05.0953 2524 Cdrom - ok 00:50:05.0953 2524 Changer - ok 00:50:06.0000 2524 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 00:50:06.0125 2524 CiSvc - ok 00:50:06.0140 2524 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 00:50:06.0250 2524 ClipSrv - ok 00:50:06.0312 2524 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:50:06.0328 2524 clr_optimization_v2.0.50727_32 - ok 00:50:06.0343 2524 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 00:50:06.0453 2524 CmBatt - ok 00:50:06.0453 2524 CmdIde - ok 00:50:06.0468 2524 cnnctfy2MP - ok 00:50:06.0468 2524 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 00:50:06.0609 2524 Compbatt - ok 00:50:06.0625 2524 COMSysApp - ok 00:50:06.0640 2524 Cpqarray - ok 00:50:06.0656 2524 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 00:50:06.0796 2524 CryptSvc - ok 00:50:06.0796 2524 dac2w2k - ok 00:50:06.0812 2524 dac960nt - ok 00:50:06.0875 2524 [ E970C2296916BF4A2F958680016FE312 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 00:50:07.0062 2524 DcomLaunch - ok 00:50:07.0125 2524 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 00:50:07.0265 2524 Dhcp - ok 00:50:07.0312 2524 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 00:50:07.0437 2524 Disk - ok 00:50:07.0453 2524 dmadmin - ok 00:50:07.0578 2524 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 00:50:07.0734 2524 dmboot - ok 00:50:07.0765 2524 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 00:50:07.0906 2524 dmio - ok 00:50:07.0937 2524 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload 
C:\WINDOWS\system32\drivers\dmload.sys 00:50:08.0062 2524 dmload - ok 00:50:08.0093 2524 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 00:50:08.0218 2524 dmserver - ok 00:50:08.0265 2524 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 00:50:08.0390 2524 DMusic - ok 00:50:08.0437 2524 [ 8C9ED3B2834AAE63081AB2DA831C6FE9 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 00:50:08.0546 2524 Dnscache - ok 00:50:08.0625 2524 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 00:50:08.0765 2524 Dot3svc - ok 00:50:08.0765 2524 dpti2o - ok 00:50:08.0796 2524 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 00:50:08.0937 2524 drmkaud - ok 00:50:08.0953 2524 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 00:50:09.0093 2524 EapHost - ok 00:50:09.0125 2524 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 00:50:09.0265 2524 ERSvc - ok 00:50:09.0312 2524 [ 4BB6A83640F1D1792AD21CE767B621C6 ] Eventlog C:\WINDOWS\system32\services.exe 00:50:09.0453 2524 Eventlog - ok 00:50:09.0500 2524 [ 0F3EDAEE1EF97CF3DB2BE23A7289B78C ] EventSystem C:\WINDOWS\System32\es.dll 00:50:09.0625 2524 EventSystem - ok 00:50:09.0703 2524 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 00:50:09.0828 2524 Fastfat - ok 00:50:09.0875 2524 [ 40602EBFBE06AA075C8E4560743F6883 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 00:50:10.0000 2524 FastUserSwitchingCompatibility - ok 00:50:10.0031 2524 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 00:50:10.0140 2524 Fdc - ok 00:50:10.0156 2524 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 00:50:10.0281 2524 Fips - ok 00:50:10.0296 2524 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 00:50:10.0421 2524 Flpydisk - ok 00:50:10.0468 2524 [ 
B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 00:50:10.0593 2524 FltMgr - ok 00:50:10.0656 2524 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 00:50:10.0671 2524 FontCache3.0.0.0 - ok 00:50:10.0671 2524 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 00:50:10.0812 2524 Fs_Rec - ok 00:50:10.0828 2524 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 00:50:10.0968 2524 Ftdisk - ok 00:50:11.0015 2524 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 00:50:11.0156 2524 Gpc - ok 00:50:11.0265 2524 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 00:50:11.0281 2524 gupdate - ok 00:50:11.0296 2524 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 00:50:11.0296 2524 gupdatem - ok 00:50:11.0390 2524 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 00:50:11.0515 2524 helpsvc - ok 00:50:11.0562 2524 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 00:50:11.0703 2524 HidServ - ok 00:50:11.0718 2524 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 00:50:11.0859 2524 HidUsb - ok 00:50:11.0890 2524 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 00:50:12.0015 2524 hkmsvc - ok 00:50:12.0031 2524 hpn - ok 00:50:12.0078 2524 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 00:50:12.0218 2524 HTTP - ok 00:50:12.0234 2524 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 00:50:12.0359 2524 HTTPFilter - ok 00:50:12.0375 2524 i2omgmt - ok 00:50:12.0375 2524 i2omp - ok 00:50:12.0406 2524 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 00:50:12.0546 2524 i8042prt - ok 
00:50:12.0640 2524 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe 00:50:12.0640 2524 IDriverT ( UnsignedFile.Multi.Generic ) - warning 00:50:12.0640 2524 IDriverT - detected UnsignedFile.Multi.Generic (1) 00:50:12.0781 2524 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 00:50:12.0828 2524 idsvc - ok 00:50:12.0859 2524 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 00:50:12.0968 2524 Imapi - ok 00:50:13.0015 2524 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe 00:50:13.0140 2524 ImapiService - ok 00:50:13.0156 2524 ini910u - ok 00:50:13.0187 2524 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 00:50:13.0312 2524 IntelIde - ok 00:50:13.0343 2524 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 00:50:13.0484 2524 intelppm - ok 00:50:13.0500 2524 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys 00:50:13.0625 2524 ip6fw - ok 00:50:13.0671 2524 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 00:50:13.0796 2524 IpFilterDriver - ok 00:50:13.0812 2524 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 00:50:13.0953 2524 IpInIp - ok 00:50:13.0984 2524 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 00:50:14.0093 2524 IpNat - ok 00:50:14.0109 2524 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 00:50:14.0234 2524 IPSec - ok 00:50:14.0281 2524 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys 00:50:14.0406 2524 irda - ok 00:50:14.0437 2524 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 00:50:14.0562 2524 IRENUM - ok 00:50:14.0593 2524 [ 
2EFE1DB1EC58A26B0C14BFDA122E246F ] Irmon C:\WINDOWS\System32\irmon.dll 00:50:14.0703 2524 Irmon - ok 00:50:14.0750 2524 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 00:50:14.0875 2524 isapnp - ok 00:50:14.0953 2524 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 00:50:14.0968 2524 JavaQuickStarterService - ok 00:50:15.0015 2524 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 00:50:15.0156 2524 Kbdclass - ok 00:50:15.0171 2524 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 00:50:15.0296 2524 kbdhid - ok 00:50:15.0328 2524 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 00:50:15.0453 2524 kmixer - ok 00:50:15.0468 2524 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 00:50:15.0593 2524 KSecDD - ok 00:50:15.0640 2524 [ D6EB4916B203CBE525F8EFF5FD5AB16C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 00:50:15.0781 2524 lanmanserver - ok 00:50:15.0812 2524 [ C0DB1E9367681ECD7ECCA9615C1D0F9B ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 00:50:15.0953 2524 lanmanworkstation - ok 00:50:15.0953 2524 lbrtfdc - ok 00:50:16.0000 2524 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 00:50:16.0125 2524 LmHosts - ok 00:50:16.0156 2524 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 00:50:16.0265 2524 Messenger - ok 00:50:16.0281 2524 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 00:50:16.0406 2524 mnmdd - ok 00:50:16.0437 2524 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe 00:50:16.0546 2524 mnmsrvc - ok 00:50:16.0578 2524 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 00:50:16.0703 2524 Modem - ok 00:50:16.0718 2524 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass 
C:\WINDOWS\system32\DRIVERS\mouclass.sys 00:50:16.0828 2524 Mouclass - ok 00:50:16.0859 2524 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 00:50:17.0015 2524 mouhid - ok 00:50:17.0062 2524 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 00:50:17.0203 2524 MountMgr - ok 00:50:17.0203 2524 mraid35x - ok 00:50:17.0218 2524 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 00:50:17.0359 2524 MRxDAV - ok 00:50:17.0421 2524 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 00:50:17.0593 2524 MRxSmb - ok 00:50:17.0625 2524 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe 00:50:17.0734 2524 MSDTC - ok 00:50:17.0734 2524 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 00:50:17.0875 2524 Msfs - ok 00:50:17.0875 2524 MSIServer - ok 00:50:17.0906 2524 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 00:50:18.0015 2524 MSKSSRV - ok 00:50:18.0031 2524 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 00:50:18.0171 2524 MSPCLOCK - ok 00:50:18.0187 2524 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 00:50:18.0312 2524 MSPQM - ok 00:50:18.0343 2524 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 00:50:18.0453 2524 mssmbios - ok 00:50:18.0500 2524 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 00:50:18.0609 2524 Mup - ok 00:50:18.0656 2524 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 00:50:18.0765 2524 napagent - ok 00:50:18.0812 2524 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 00:50:18.0937 2524 NDIS - ok 00:50:18.0953 2524 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 00:50:19.0078 2524 NdisTapi - ok 
00:50:19.0109 2524 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 00:50:19.0234 2524 Ndisuio - ok 00:50:19.0250 2524 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 00:50:19.0375 2524 NdisWan - ok 00:50:19.0390 2524 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 00:50:19.0500 2524 NDProxy - ok 00:50:19.0515 2524 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 00:50:19.0640 2524 NetBIOS - ok 00:50:19.0671 2524 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 00:50:19.0812 2524 NetBT - ok 00:50:19.0859 2524 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 00:50:19.0984 2524 NetDDE - ok 00:50:20.0000 2524 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 00:50:20.0109 2524 NetDDEdsdm - ok 00:50:20.0140 2524 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe 00:50:20.0250 2524 Netlogon - ok 00:50:20.0281 2524 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 00:50:20.0421 2524 Netman - ok 00:50:20.0515 2524 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:50:20.0515 2524 NetTcpPortSharing - ok 00:50:20.0578 2524 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 00:50:20.0703 2524 NIC1394 - ok 00:50:20.0781 2524 [ F12B9D9A069331877D006CC81B4735F9 ] Nla C:\WINDOWS\System32\mswsock.dll 00:50:20.0921 2524 Nla - ok 00:50:20.0953 2524 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 00:50:21.0093 2524 Npfs - ok 00:50:21.0140 2524 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 00:50:21.0312 2524 Ntfs - ok 00:50:21.0343 2524 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe 
00:50:21.0453 2524 NtLmSsp - ok 00:50:21.0546 2524 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 00:50:21.0687 2524 NtmsSvc - ok 00:50:21.0718 2524 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 00:50:21.0828 2524 Null - ok 00:50:21.0875 2524 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 00:50:22.0000 2524 NwlnkFlt - ok 00:50:22.0015 2524 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 00:50:22.0125 2524 NwlnkFwd - ok 00:50:22.0156 2524 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 00:50:22.0265 2524 ohci1394 - ok 00:50:22.0312 2524 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys 00:50:22.0437 2524 Parport - ok 00:50:22.0453 2524 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 00:50:22.0562 2524 PartMgr - ok 00:50:22.0625 2524 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 00:50:22.0750 2524 ParVdm - ok 00:50:22.0781 2524 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 00:50:22.0906 2524 PCI - ok 00:50:22.0921 2524 PCIDump - ok 00:50:22.0937 2524 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 00:50:23.0062 2524 PCIIde - ok 00:50:23.0078 2524 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 00:50:23.0187 2524 Pcmcia - ok 00:50:23.0187 2524 PDCOMP - ok 00:50:23.0203 2524 PDFRAME - ok 00:50:23.0203 2524 PDRELI - ok 00:50:23.0218 2524 PDRFRAME - ok 00:50:23.0218 2524 perc2 - ok 00:50:23.0234 2524 perc2hib - ok 00:50:23.0281 2524 [ 4BB6A83640F1D1792AD21CE767B621C6 ] PlugPlay C:\WINDOWS\system32\services.exe 00:50:23.0406 2524 PlugPlay - ok 00:50:23.0421 2524 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe 00:50:23.0531 2524 PolicyAgent - ok 00:50:23.0562 
|
04.12.2012, 00:53 | #10 |
/// Malware-holic | Ads in all browsers combofix: Combofix may only be run if a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post the C:\Combofix.txt in your next reply.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.12.2012, 01:17 | #11 |
| Ads in all browsers Code:
|
04.12.2012, 14:04 | #12 |
/// Malware-holic | Ads in all browsers malwarebytes: Please download Malwarebytes
Post all older Malwarebytes logs with detections. http://www.trojaner-board.de/125889-...en-posten.html The same goes for Trojan Hunter.
|
04.12.2012, 16:07 | #13 |
| Ads in all browsers Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Daniel :: DANIEL-PC [Administrator]

04.12.2012 15:26:33
mbam-log-2012-12-04 (16-05-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222517
Laufzeit: 28 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 25
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP46\A0023832.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP47\A0023871.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP48\A0023885.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP49\A0024885.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP50\A0024908.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP51\A0024923.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP51\A0024936.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP52\A0024945.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP52\A0025267.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP53\A0025445.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP54\A0025490.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP54\A0025504.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP54\A0025524.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP55\A0025554.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP55\A0025582.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP55\A0025609.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP56\A0026609.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP56\A0026630.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP58\A0027179.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP58\A0027504.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\svc0000\tsk0000.dta (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0001.dta (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0006.dta (Rootkit.Zaccess) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0007.dta (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0008.dta (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
is being done right now |
04.12.2012, 16:08 | #14 |
/// Malware-holic | Ads in all browsers Did you have the detections removed? What about the Trojan Hunter log?
|
04.12.2012, 19:43 | #15 |
| Ads in all browsers OK, here is the mbam log again Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Daniel :: DANIEL-PC [Administrator]

04.12.2012 16:08:06
mbam-log-2012-12-04 (16-08-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222459
Laufzeit: 28 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 25
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP46\A0023832.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP47\A0023871.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP48\A0023885.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP49\A0024885.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP50\A0024908.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP51\A0024923.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP51\A0024936.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP52\A0024945.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP52\A0025267.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP53\A0025445.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP54\A0025490.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP54\A0025504.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP54\A0025524.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP55\A0025554.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP55\A0025582.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP55\A0025609.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP56\A0026609.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP56\A0026630.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP58\A0027179.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP58\A0027504.sys (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\svc0000\tsk0000.dta (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0001.dta (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0006.dta (Rootkit.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0007.dta (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.12.2012_00.30.21\rtkt0000\zafs0000\tsk0008.dta (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
TrojanHunter Scan Report - Saved 2012-12-04 20:20

Found malware file: C:\Programme\Toshiba\PCDiag\dialtonetest.exe (Genome.2184)
Found malware file: C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP32\A0018375.EXE (Mabezat.187)
Found malware file: C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP4\A0001094.dll (Theals.105)
Found malware file: C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP4\A0001340.dll (Trafaret.105)
Found malware file: C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP4\A0001754.dll (Trafaret.105)
Found malware file: C:\System Volume Information\_restore{582FFEB4-A09B-402F-9B3D-FBA033F6BBDF}\RP4\A0002639.exe (Theals.105)
Found malware file: C:\WINDOWS\erdnt\cache\winlogon.exe (Bamital.206)
Found malware file: C:\WINDOWS\ServicePackFiles\i386\ulib.dll (AgentZ.815)
Found malware file: C:\WINDOWS\ServicePackFiles\i386\winlogon.exe (Bamital.206)
Found malware file: C:\WINDOWS\system32\ulib.dll (AgentZ.815)
Found malware file: C:\WINDOWS\system32\winlogon.exe (Bamital.206)
I have one more question: my e-mail account gets about 100 failed login attempts every day. Is there anything I can do about that other than using a very strong password?
Last edited by hatecore01 (04.12.2012 at 20:21) |