Log analysis and evaluation: Have I picked up adware or something similar? If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.01.2013, 22:57 | #1 |
Have I picked up adware or something similar? Hello Trojanerboard team, I would like to ask for your help once again. Several times in the last few days, while I was surfing, a pop-up appeared in which a French-language video starts and advertises making money. When I click the x, an overlay in French appears asking roughly "Are you sure you don't want to take this opportunity?" When I click OK there, another message appears with roughly the text "The page asks you to confirm that you want to leave it." When I click OK on that, the page with the video closes. Furthermore, I regularly use CCleaner, whose analysis often tells me that Internet Explorer has stored about 20 files in the "Temporary Internet Files" folder, some of which certainly come from the Antivir update, but I don't know whether all of them do. CCleaner also often reports that about 8 cookies have been stored, and I likewise don't know whether, and how many of them, are related to the Antivir update. Attached are the logs from OTL and GMER. Best regards, LonelySea Code:
OTL logfile created on: 28.01.2013 16:13:50 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,73 Mb Total Physical Memory | 498,78 Mb Available Physical Memory | 48,77% Memory free
2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,30% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,68 Gb Total Space | 30,24 Gb Free Space | 39,43% Space Free | Partition Type: NTFS
Drive E: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.12.08 04:47:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.03.26 14:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.07.27 13:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.06.03 01:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2013.01.19 01:07:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.01.09 00:54:45 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.11.29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009.03.26 14:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - [2011.12.08 23:16:48 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.20 15:00:00 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2004.08.28 13:54:38 | 000,033,995 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2004.08.04 00:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.04.26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002.09.20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.19 01:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.19 01:07:21 | 000,000,000 | ---D | M]

[2009.09.03 21:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.06.29 03:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions
[2010.12.19 04:14:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.05.05 00:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\nostmp
[2012.08.24 01:02:11 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\toolbar@ask.com
[2013.01.19 01:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 01:07:34 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.24 23:31:01 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 03:34:00 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.24 23:31:01 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 23:31:01 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 23:31:01 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 23:31:01 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.12.13 00:19:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCF9E5A-098A-48AB-AA93-5839C80598A3}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.11 23:59:30 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007.10.04 00:36:21 | 001,528,743 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.01 15:00:31 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013.01.28 16:13:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2013.01.19 01:07:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2009.09.04 00:29:38 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2013.01.28 15:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.28 00:31:37 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2013.01.28 00:31:37 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2013.01.27 21:48:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.27 21:48:36 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 03:20:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.14 04:18:47 | 003,060,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\notiz.bmp

========== Files Created - No Company Name ==========

[2012.02.18 06:20:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.13 00:07:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.12.13 00:07:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.12.13 00:07:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.12.13 00:07:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.12.13 00:07:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.01.26 01:41:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011.01.25 04:32:15 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.13 01:21:03 | 000,000,062 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.06 00:22:41 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2009.10.29 01:41:54 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.09.04 00:29:38 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2009.09.04 00:29:38 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2009.09.03 21:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.06.15 02:15:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.05.19 23:43:26 | 000,000,482 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009.05.14 02:29:57 | 000,175,104 | ---- | C] () -- C:\WINDOWS\MM_Bahn_V3_Uninstall.exe
[2009.04.20 01:37:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2009.01.08 22:05:21 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009.01.08 03:56:09 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.15 23:28:44 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.12.31 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.12.31 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.12.31 13:00:00 | 000,352,428 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002.12.31 13:00:00 | 000,341,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.12.31 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.12.31 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002.12.31 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.12.31 13:00:00 | 000,063,528 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002.12.31 13:00:00 | 000,052,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.12.31 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.12.31 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002.12.31 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.12.31 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002.12.31 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002.12.31 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.12.31 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.01.01 00:11:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002.01.01 00:10:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.01.01 00:09:49 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002.01.01 00:06:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2010.05.15 01:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IrfanView
[2009.10.15 02:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LEGO Company
[2012.07.20 02:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle
[2012.11.08 03:07:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\temp
[2009.06.12 01:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tibo Software
[2009.06.12 01:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tibo Software
[2009.05.09 21:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========

< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2013-01-28 22:10:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L080AVVA07-0 rev.VA4OA52A
Running: cp6dryyd.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fwncafow.sys

---- System - GMER 1.0.15 ----

SSDT F7F38866 ZwCreateKey
SSDT F7F3885C ZwCreateThread
SSDT F7F3886B ZwDeleteKey
SSDT F7F38875 ZwDeleteValueKey
SSDT F7F3887A ZwLoadKey
SSDT F7F38848 ZwOpenProcess
SSDT F7F3884D ZwOpenThread
SSDT F7F38884 ZwReplaceKey
SSDT F7F3887F ZwRestoreKey
SSDT F7F38870 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF6BF6F80]

---- EOF - GMER 1.0.15 ----

Edited by LonelySea (28.01.2013 at 23:20)
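An OTL report like the one above is a fixed-column text format, so the first-pass triage a helper does by eye (which services point at binaries that no longer exist, which running processes and drivers carry no company name, what sits in the Run keys and in the Firefox profile's extensions directory) can be scripted. The following is an added example for this thread; it is not code from the thread, from OTL (OldTimer's List-It) or from trojaner-board.de. It parses the PRC/SRV/DRV/MOD rows, the O4 autorun rows and the extension-directory rows, and handles the two formatting quirks these logs show: a row whose path column is empty ("-- --") and a service name followed by trailing text ("(nosGetPlusHelper) getPlus(R)"). The sample lines are copied from the two OTL logs posted in this thread; all function, regex and field names are this example's own.

```python
"""Triage helper for a flattened OTL (OldTimer's List-It) report.

Added example for this thread; not code from the thread, from OTL or from
trojaner-board.de. Function, regex and field names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Head of a PRC/SRV/DRV/MOD row: "[stamp] (Company)" or "File not found", then optional "[flags]".
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<flags>[^\]]*)\])?$"
)
# OTL separates columns with " -- ". The lookarounds leave the "----" attribute
# field and "R---" style flags alone, but still split the "-- --" of a row
# whose path column is empty.
SEP_RE = re.compile(r"(?<=\s)--(?=\s)")
NAME_RE = re.compile(r"^\((?P<name>.*?)\)(?:\s.*)?$")   # "(Name)" plus optional trailing text
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<path>.*) \((?P<company>[^)]*)\)$")
FFEXT_RE = re.compile(r"^\[[^\]]*\] \((?P<name>.*)\) -- (?P<path>.*\\extensions\\[^\\]+)$")


@dataclass
class Entry:
    kind: str       # PRC, SRV, DRV or MOD
    company: str    # "" when OTL printed () or ( )
    path: str       # "" when OTL printed "-- --"
    name: str       # service/driver name; "" for PRC and MOD rows
    flags: str      # e.g. "Auto | Running"
    missing: bool   # True for "File not found" rows


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV/MOD row; any other line yields None."""
    cols = [c.strip() for c in SEP_RE.split(line.strip())]
    m = HEAD_RE.match(cols[0])
    if not m:
        return None
    name = ""
    if len(cols) > 2:
        nm = NAME_RE.match(cols[2])
        name = nm.group("name") if nm else cols[2]
    return Entry(kind=m.group("kind"), company=(m.group("company") or "").strip(),
                 path=cols[1] if len(cols) > 1 else "", name=name,
                 flags=m.group("flags") or "", missing=m.group("missing") is not None)


def triage(log: str) -> Dict[str, List[str]]:
    """Group the rows a helper queries first. None of these alone proves an infection."""
    findings: Dict[str, List[str]] = {
        "orphaned": [],       # service/driver still registered, binary gone: uninstall leftover or removed dropper
        "no_company": [],     # running process/driver without version-info company: candidate for a hash lookup
        "autorun": [],        # HKLM/HKCU Run persistence, legitimate or not
        "ff_extensions": [],  # add-ons in the Firefox profile, where bundled toolbars live
    }
    for raw in log.splitlines():
        line = raw.strip()
        e = parse_entry(line)
        if e is not None:
            if e.missing:
                findings["orphaned"].append(f"{e.kind} {e.name or e.path} [{e.flags}]")
            elif not e.company and e.kind in ("PRC", "DRV"):
                findings["no_company"].append(f"{e.kind} {e.path}")
            continue
        if (m := O4_RE.match(line)):
            tag = "" if m.group("company") else " (no company name)"
            findings["autorun"].append(f"{m.group('hive')} [{m.group('label')}] {m.group('path')}{tag}")
        elif (m := FFEXT_RE.match(line)):
            leaf = m.group("path").rsplit("\\", 1)[-1]          # extension id or directory name
            findings["ff_extensions"].append(f"{m.group('name').strip(chr(34))} -> {leaf}")
    return findings


# Constructed sample: rows copied from the two OTL logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
SRV - File not found [Auto | Stopped] -- -- (Secunia Update Agent)
SRV - File not found [On_Demand | Stopped] -- -- (aspnet_state)
SRV - [2010.11.29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
DRV - [2009.01.20 15:00:00 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
[2011.06.29 03:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions
[2010.12.19 04:14:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.08.24 01:02:11 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\toolbar@ask.com
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
"""

if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG).items():
        print(f"== {finding} ==")
        for item in items:
            print("  " + item)
```

Read the output the way the helpers here do: an "orphaned" row means the registry still names a service or driver whose file is gone, which in these logs is mostly uninstall residue (the second log lists several under C:\Programme\Softwin\BitDefender10 and Secunia paths); a "no_company" row only says the binary has no version-info company and is worth a hash lookup, not that it is malicious; and the `toolbar@ask.com` row is a bundled search toolbar, the category of add-on the poster is asking about, although nothing in these logs ties it to the French pop-up. The MOD section is skipped on purpose, because OTL only lists modules there when they have no company name, so every row would be flagged.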
29.01.2013, 22:07 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up adware or something similar? Hello,
Quote:
Quote:
Is this by any chance an office/company PC? Or a university computer?
30.01.2013, 00:45 | #3 |
Have I picked up adware or something similar? Hello Cosinus,
It is not an office/company PC or a university computer. I am a home user. Attached is an OTL log, created with the latest version. Best regards, LonelySea Code:
OTL logfile created on: 30.01.2013 00:15:16 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,73 Mb Total Physical Memory | 670,32 Mb Available Physical Memory | 65,54% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,68 Gb Total Space | 29,09 Gb Free Space | 37,94% Space Free | Partition Type: NTFS
Drive E: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.29 22:15:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.03.26 14:31:20 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.07.27 13:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.06.03 01:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 01:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2013.01.19 01:07:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.01.09 00:54:45 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:50 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.11.29 10:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.03.26 14:31:20 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - [2011.12.08 23:16:48 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.20 15:00:00 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2004.08.28 13:54:38 | 000,033,995 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2004.08.04 00:38:58 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.04.26 10:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002.09.20 11:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.13.2.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.19 01:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.19 01:07:21 | 000,000,000 | ---D | M]

[2009.09.03 21:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.06.29 03:06:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions
[2010.12.19 04:14:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.05.05 00:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\nostmp
[2012.08.24 01:02:11 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\gmx994ql.default\extensions\toolbar@ask.com
[2013.01.19 01:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.19 01:07:34 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.24 23:31:01 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29
03:34:00 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.24 23:31:01 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.24 23:31:01 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 23:31:01 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 23:31:01 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.13 00:19:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCF9E5A-098A-48AB-AA93-5839C80598A3}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.11 23:59:30 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2007.10.04 00:36:21 | 001,528,743 | R--- | M] () - E:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2007.08.01 15:00:31 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - 
HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 00:14:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2013.01.19 01:07:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.01.30 00:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.30 00:09:04 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys [2013.01.29 23:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.29 22:15:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2013.01.29 05:27:58 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns [2013.01.29 05:27:58 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns [2013.01.26 03:20:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.14 04:18:47 | 003,060,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\notiz.bmp ========== Files Created - No Company Name ========== [2012.02.18 06:20:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.13 00:07:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011.12.13 00:07:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011.12.13 00:07:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011.12.13 00:07:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011.12.13 00:07:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009.01.08 03:56:09 | 000,007,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== 
ZeroAccess Check ========== [2010.07.16 04:40:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.05.15 01:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\IrfanView [2009.10.15 02:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\LEGO Company [2012.07.20 02:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle [2012.11.08 03:07:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\temp [2009.06.12 01:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tibo Software [2009.06.12 01:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tibo Software [2009.05.09 21:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} ========== Purity Check ========== < End of report > |
30.01.2013, 11:18 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up AdWare or something similar? Quote:
__________________ Please always post logfiles in CODE tags |
03.02.2013, 01:38 | #5 |
| Have I picked up AdWare or something similar? Hello Cosinus, I got the computer second-hand with this system already on it; the licence sticker is on it. Best regards, LonelySea |
03.02.2013, 02:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up AdWare or something similar? OK, thanks for the info. Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans yet; first post only the logs you already have!
03.02.2013, 02:46 | #7 |
| Have I picked up AdWare or something similar? Hello Cosinus, I have no other logs with detections. However, I've noticed that since the GMER scan whose log I posted in this thread, the computer starts more slowly than before. Could that be because the computer was switched on for too long? Best regards, LonelySea |
03.02.2013, 02:52 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up AdWare or something similar? Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: If you haven't heard from me for three days, please post in this thread => Reminder for my thread. Annoying "when is it going to continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. Malwarebytes Anti-Rootkit: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
03.02.2013, 04:09 | #9 |
| Have I picked up AdWare or something similar? Hello Cosinus, MBAR reports "no Malware found!" The log is attached. Best regards, LonelySea Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 v2013.02.03.01 Windows XP Service Pack 3 x86 NTFS 8.0.6001.18702 Administrator :: *** 03.02.2013 03:53:47 mbar-log-2013-02-03 (03-53-47).txt 24959 49 , 11 0 0 0 0 0 0 0 |
03.02.2013, 22:04 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up AdWare or something similar? I don't know what you did with the log, but as it is it's completely unusable.
03.02.2013, 22:42 | #11 |
| Have I picked up AdWare or something similar? Hello Cosinus, I probably posted the wrong log; here is the other one, hopefully the right one. Best regards, LonelySea Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.593000 GHz Memory total: 1072410624, free: 728948736 ------------ Kernel report ------------ 02/03/2013 03:03:31 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys PCIIde.sys \WINDOWS\System32\Drivers\PCIIDEX.SYS intelide.sys MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys agp440.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\ati2mtag.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\smwdm.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\aeaudio.sys \SystemRoot\system32\drivers\senfilt.sys \SystemRoot\system32\drivers\sf.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys 
\SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\System32\drivers\ws2ifsl.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\ssmdrv.sys \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_WMILIB.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys 
\SystemRoot\System32\ati2dvag.dll \SystemRoot\System32\ati2cqag.dll \SystemRoot\System32\ati3duag.dll \SystemRoot\System32\ativvaxx.dll \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\System32\Drivers\ParVdm.SYS \SystemRoot\system32\DRIVERS\secdrv.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\Sacm2A.sys \SystemRoot\System32\Drivers\HTTP.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff86758ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\ Lower Device Object: 0xffffffff86784d98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Load Function returned 0x0 Downloaded database version: v2013.02.03.01 Downloaded database version: v2013.01.23.01 Initializing... Done! 
<<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff86758ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8678fb40, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff86758ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff86772f18, DeviceName: \Device\00000064\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff86784d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe189b530, 0xffffffff86758ab8, 0xffffffff86323280 Lower DeviceData: 0xffffffffe3309368, 0xffffffff86784d98, 0xffffffff864b0c18 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 9E3E5FDC Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 160810587 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 82348277760 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-160816480-160836480)... Done! Performing system, memory and registry scan... Done! 
Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1017 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.593000 GHz Memory total: 1072410624, free: 678965248 ======================================= |
03.02.2013, 23:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up AdWare or something similar? No, the log was the right one, but somehow shredded. Did MBAR report any detections?
03.02.2013, 23:23 | #13 |
| Have I picked up AdWare or something similar? Hello Cosinus, MBAR reported that nothing was found and that a cleanup was not necessary. Best regards, LonelySea |
04.02.2013, 09:31 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have I picked up AdWare or something similar? 1. aswMBR: Please download aswMBR.exe and save the file to your desktop. Note: please disable the virus scanner before you run aswMBR, because Avira in particular often raises a false positive on it!
Another note: if aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the scan button again.
2. TDSS-Killer: Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: please disable the virus scanner before you run TDSS-Killer, because Avira in particular often raises a false positive on the TDSS tool! Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its content into your post, look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs. Note: please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
06.02.2013, 06:14 | #15 |
| Have I picked up AdWare or something similar? Hello Cosinus, Attached are the logs from aswMBR and TDSSKiller. Best regards, LonelySea Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-06 05:55:03 ----------------------------- 05:55:03.620 OS Version: Windows 5.1.2600 Service Pack 3 05:55:03.620 Number of processors: 2 586 0x209 05:55:03.620 ComputerName: *** UserName: Administrator 05:55:06.635 Initialize success 05:55:25.088 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 05:55:25.088 Disk 0 Vendor: IC35L080AVVA07-0 VA4OA52A Size: 78533MB BusType: 3 05:55:25.104 Disk 0 MBR read successfully 05:55:25.104 Disk 0 MBR scan 05:55:25.104 Disk 0 Windows XP default MBR code 05:55:25.104 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78520 MB offset 63 05:55:25.120 Disk 0 scanning sectors +160810650 05:55:25.198 Disk 0 scanning C:\WINDOWS\system32\drivers 05:55:41.401 Service scanning 05:56:04.135 Modules scanning 05:56:20.370 Disk 0 trace - called modules: 05:56:20.385 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys 05:56:20.385 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8678fab8] 05:56:20.385 3 CLASSPNP.SYS[f78a3fd7] -> nt!IofCallDriver -> \Device\00000064[0x86772f18] 05:56:20.385 5 ACPI.sys[f7819620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86771d98] 05:56:20.385 Scan finished successfully 05:56:36.448 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat" 05:56:36.448 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt" Code:
ATTFilter 06:01:29.0745 1320 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 06:01:30.0057 1320 ============================================================ 06:01:30.0057 1320 Current date / time: 2013/02/06 06:01:30.0057 06:01:30.0057 1320 SystemInfo: 06:01:30.0057 1320 06:01:30.0057 1320 OS Version: 5.1.2600 ServicePack: 3.0 06:01:30.0057 1320 Product type: Workstation 06:01:30.0057 1320 ComputerName: *** 06:01:30.0057 1320 UserName: Administrator 06:01:30.0057 1320 Windows directory: C:\WINDOWS 06:01:30.0057 1320 System windows directory: C:\WINDOWS 06:01:30.0057 1320 Processor architecture: Intel x86 06:01:30.0057 1320 Number of processors: 2 06:01:30.0057 1320 Page size: 0x1000 06:01:30.0057 1320 Boot type: Normal boot 06:01:30.0057 1320 ============================================================ 06:01:31.0776 1320 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 06:01:31.0776 1320 ============================================================ 06:01:31.0776 1320 \Device\Harddisk0\DR0: 06:01:31.0776 1320 MBR partitions: 06:01:31.0776 1320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B 06:01:31.0776 1320 ============================================================ 06:01:31.0807 1320 C: <-> \Device\Harddisk0\DR0\Partition1 06:01:31.0807 1320 ============================================================ 06:01:31.0807 1320 Initialize success 06:01:31.0807 1320 ============================================================ 06:02:36.0604 2916 ============================================================ 06:02:36.0604 2916 Scan started 06:02:36.0604 2916 Mode: Manual; SigCheck; TDLFS; 06:02:36.0604 2916 ============================================================ 06:02:37.0385 2916 ================ Scan system memory ======================== 06:02:37.0401 2916 System memory - ok 06:02:37.0401 2916 
================ Scan services ============================= 06:02:37.0542 2916 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Programme\SUPERAntiSpyware\SASCORE.EXE 06:02:37.0729 2916 !SASCORE - ok 06:02:37.0979 2916 Abiosdsk - ok 06:02:37.0995 2916 abp480n5 - ok 06:02:38.0088 2916 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 06:02:38.0432 2916 ACPI - ok 06:02:38.0463 2916 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 06:02:38.0635 2916 ACPIEC - ok 06:02:38.0760 2916 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 06:02:38.0792 2916 AdobeFlashPlayerUpdateSvc - ok 06:02:38.0792 2916 adpu160m - ok 06:02:38.0870 2916 [ CDE1F62FE63631B932ACE2249FB11DA0 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys 06:02:38.0917 2916 aeaudio ( UnsignedFile.Multi.Generic ) - warning 06:02:38.0917 2916 aeaudio - detected UnsignedFile.Multi.Generic (1) 06:02:38.0979 2916 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 06:02:39.0167 2916 aec - ok 06:02:39.0245 2916 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 06:02:39.0338 2916 AFD - ok 06:02:39.0385 2916 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 06:02:39.0526 2916 agp440 - ok 06:02:39.0542 2916 Aha154x - ok 06:02:39.0542 2916 aic78u2 - ok 06:02:39.0557 2916 aic78xx - ok 06:02:39.0604 2916 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 06:02:39.0776 2916 Alerter - ok 06:02:39.0807 2916 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 06:02:39.0901 2916 ALG - ok 06:02:39.0901 2916 AliIde - ok 06:02:39.0901 2916 amsint - ok 06:02:40.0026 2916 [ A122D68EA2541453F787F341877CB40B ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 06:02:40.0073 2916 AntiVirSchedulerService - ok 06:02:40.0135 2916 [ 
2FE359EDEB34EFCF42574752F8AEBD3F ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 06:02:40.0182 2916 AntiVirService - ok 06:02:40.0323 2916 [ CC62FDC25725267A702F48C90C5CDF31 ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE 06:02:40.0542 2916 AntiVirWebService - ok 06:02:40.0682 2916 [ 43DC4FC662DF064535E30B17C8B5AB00 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 06:02:40.0745 2916 Apple Mobile Device - ok 06:02:40.0823 2916 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 06:02:40.0963 2916 AppMgmt - ok 06:02:40.0979 2916 asc - ok 06:02:40.0979 2916 asc3350p - ok 06:02:40.0995 2916 asc3550 - ok 06:02:41.0010 2916 aspnet_state - ok 06:02:41.0057 2916 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 06:02:41.0198 2916 AsyncMac - ok 06:02:41.0245 2916 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 06:02:41.0401 2916 atapi - ok 06:02:41.0401 2916 Atdisk - ok 06:02:41.0635 2916 [ 8948961A4BD498A29E5EEEFE548E380F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 06:02:42.0135 2916 ati2mtag - ok 06:02:42.0167 2916 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 06:02:42.0323 2916 Atmarpc - ok 06:02:42.0370 2916 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 06:02:42.0526 2916 AudioSrv - ok 06:02:42.0604 2916 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 06:02:42.0745 2916 audstub - ok 06:02:42.0776 2916 [ 7713E4EB0276702FAA08E52A6E23F2A6 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 06:02:42.0823 2916 avgntflt - ok 06:02:42.0901 2916 [ 475FBB85956534720858AE72010C0A43 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 06:02:42.0948 2916 avipbb - ok 06:02:42.0963 2916 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys 
06:02:42.0995 2916 avkmgr - ok 06:02:42.0995 2916 bdfdll - ok 06:02:43.0010 2916 BDFsDrv - ok 06:02:43.0010 2916 BDRsDrv - ok 06:02:43.0057 2916 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 06:02:43.0198 2916 Beep - ok 06:02:43.0354 2916 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 06:02:43.0713 2916 BITS - ok 06:02:43.0807 2916 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 06:02:43.0885 2916 Bonjour Service - ok 06:02:43.0948 2916 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 06:02:44.0042 2916 Browser - ok 06:02:44.0229 2916 catchme - ok 06:02:44.0260 2916 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 06:02:44.0417 2916 cbidf2k - ok 06:02:44.0463 2916 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 06:02:44.0620 2916 CCDECODE - ok 06:02:44.0635 2916 cd20xrnt - ok 06:02:44.0651 2916 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 06:02:44.0807 2916 Cdaudio - ok 06:02:44.0838 2916 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 06:02:44.0979 2916 Cdfs - ok 06:02:45.0010 2916 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 06:02:45.0182 2916 Cdrom - ok 06:02:45.0182 2916 Changer - ok 06:02:45.0213 2916 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 06:02:45.0370 2916 CiSvc - ok 06:02:45.0417 2916 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 06:02:45.0588 2916 ClipSrv - ok 06:02:45.0604 2916 CmdIde - ok 06:02:45.0604 2916 COMSysApp - ok 06:02:45.0620 2916 Cpqarray - ok 06:02:45.0667 2916 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 06:02:45.0823 2916 CryptSvc - ok 06:02:45.0823 2916 dac2w2k - ok 06:02:45.0838 2916 dac960nt - ok 06:02:45.0979 2916 [ 
3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 06:02:46.0213 2916 DcomLaunch - ok 06:02:46.0292 2916 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 06:02:46.0479 2916 Dhcp - ok 06:02:46.0510 2916 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 06:02:46.0682 2916 Disk - ok 06:02:46.0682 2916 dmadmin - ok 06:02:46.0932 2916 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 06:02:47.0432 2916 dmboot - ok 06:02:47.0526 2916 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 06:02:47.0713 2916 dmio - ok 06:02:47.0729 2916 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 06:02:47.0885 2916 dmload - ok 06:02:47.0932 2916 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 06:02:48.0104 2916 dmserver - ok 06:02:48.0135 2916 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 06:02:48.0292 2916 DMusic - ok 06:02:48.0338 2916 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 06:02:48.0432 2916 Dnscache - ok 06:02:48.0510 2916 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 06:02:48.0713 2916 Dot3svc - ok 06:02:48.0713 2916 dpti2o - ok 06:02:48.0745 2916 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 06:02:48.0901 2916 drmkaud - ok 06:02:48.0948 2916 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 06:02:49.0120 2916 EapHost - ok 06:02:49.0167 2916 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 06:02:49.0354 2916 ERSvc - ok 06:02:49.0417 2916 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 06:02:49.0479 2916 Eventlog - ok 06:02:49.0588 2916 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 06:02:49.0698 2916 EventSystem - ok 
06:02:49.0792 2916 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 06:02:49.0948 2916 Fastfat - ok 06:02:50.0026 2916 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 06:02:50.0120 2916 FastUserSwitchingCompatibility - ok 06:02:50.0151 2916 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 06:02:50.0292 2916 Fdc - ok 06:02:50.0323 2916 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 06:02:50.0479 2916 Fips - ok 06:02:50.0526 2916 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 06:02:50.0667 2916 Flpydisk - ok 06:02:50.0745 2916 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 06:02:50.0901 2916 FltMgr - ok 06:02:50.0917 2916 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 06:02:51.0088 2916 Fs_Rec - ok 06:02:51.0135 2916 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 06:02:51.0292 2916 Ftdisk - ok 06:02:51.0338 2916 [ F2F431D1573EE632975C524418655B84 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 06:02:51.0354 2916 GEARAspiWDM - ok 06:02:51.0401 2916 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 06:02:51.0557 2916 Gpc - ok 06:02:51.0682 2916 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 06:02:51.0870 2916 helpsvc - ok 06:02:51.0870 2916 HidServ - ok 06:02:51.0932 2916 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 06:02:52.0088 2916 hkmsvc - ok 06:02:52.0088 2916 hpn - ok 06:02:52.0198 2916 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 06:02:52.0323 2916 HTTP - ok 06:02:52.0354 2916 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 06:02:52.0526 2916 HTTPFilter - ok 06:02:52.0526 2916 i2omgmt - ok 
06:02:52.0542 2916 i2omp - ok 06:02:52.0557 2916 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 06:02:52.0760 2916 i8042prt - ok 06:02:52.0792 2916 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 06:02:52.0948 2916 Imapi - ok 06:02:53.0026 2916 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 06:02:53.0245 2916 ImapiService - ok 06:02:53.0245 2916 ini910u - ok 06:02:53.0276 2916 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 06:02:53.0432 2916 IntelIde - ok 06:02:53.0479 2916 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 06:02:53.0635 2916 intelppm - ok 06:02:53.0667 2916 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 06:02:53.0823 2916 Ip6Fw - ok 06:02:53.0870 2916 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 06:02:54.0026 2916 IpFilterDriver - ok 06:02:54.0057 2916 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 06:02:54.0213 2916 IpInIp - ok 06:02:54.0292 2916 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 06:02:54.0463 2916 IpNat - ok 06:02:54.0698 2916 [ F055C1760ABFA52B159985E551EA0EDC ] iPod Service C:\Programme\iPod\bin\iPodService.exe 06:02:54.0870 2916 iPod Service - ok 06:02:54.0917 2916 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 06:02:55.0073 2916 IPSec - ok 06:02:55.0104 2916 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 06:02:55.0182 2916 IRENUM - ok 06:02:55.0198 2916 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 06:02:55.0354 2916 isapnp - ok 06:02:55.0510 2916 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 06:02:55.0588 2916 JavaQuickStarterService - ok 
06:02:55.0604 2916 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 06:02:55.0760 2916 Kbdclass - ok 06:02:55.0854 2916 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 06:02:56.0042 2916 kmixer - ok 06:02:56.0088 2916 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 06:02:56.0229 2916 KSecDD - ok 06:02:56.0276 2916 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 06:02:56.0354 2916 lanmanserver - ok 06:02:56.0432 2916 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 06:02:56.0510 2916 lanmanworkstation - ok 06:02:56.0526 2916 lbrtfdc - ok 06:02:56.0557 2916 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 06:02:56.0729 2916 LmHosts - ok 06:02:56.0776 2916 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 06:02:56.0948 2916 Messenger - ok 06:02:57.0042 2916 [ 63C34814492AA65FC517B002DE77B191 ] MidiSyn C:\WINDOWS\system32\drivers\MidiSyn.sys 06:02:57.0151 2916 MidiSyn - ok 06:02:57.0182 2916 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 06:02:57.0338 2916 mnmdd - ok 06:02:57.0370 2916 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 06:02:57.0542 2916 mnmsrvc - ok 06:02:57.0635 2916 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 06:02:57.0792 2916 Modem - ok 06:02:57.0807 2916 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 06:02:57.0963 2916 Mouclass - ok 06:02:57.0995 2916 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 06:02:58.0151 2916 MountMgr - ok 06:02:58.0245 2916 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 06:02:58.0307 2916 MozillaMaintenance - ok 06:02:58.0307 2916 mraid35x - ok 
06:02:58.0370 2916 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 06:02:58.0557 2916 MRxDAV - ok 06:02:58.0729 2916 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 06:02:58.0948 2916 MRxSmb - ok 06:02:58.0995 2916 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 06:02:59.0151 2916 MSDTC - ok 06:02:59.0182 2916 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 06:02:59.0354 2916 Msfs - ok 06:02:59.0354 2916 MSIServer - ok 06:02:59.0385 2916 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 06:02:59.0526 2916 MSKSSRV - ok 06:02:59.0573 2916 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 06:02:59.0713 2916 MSPCLOCK - ok 06:02:59.0745 2916 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 06:02:59.0901 2916 MSPQM - ok 06:02:59.0932 2916 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 06:03:00.0088 2916 mssmbios - ok 06:03:00.0104 2916 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 06:03:00.0245 2916 MSTEE - ok 06:03:00.0323 2916 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 06:03:00.0370 2916 Mup - ok 06:03:00.0432 2916 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 06:03:00.0604 2916 NABTSFEC - ok 06:03:00.0745 2916 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 06:03:00.0995 2916 napagent - ok 06:03:01.0057 2916 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 06:03:01.0229 2916 NDIS - ok 06:03:01.0260 2916 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 06:03:01.0401 2916 NdisIP - ok 06:03:01.0448 2916 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 06:03:01.0495 
2916 NdisTapi - ok 06:03:01.0542 2916 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 06:03:01.0698 2916 Ndisuio - ok 06:03:01.0745 2916 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 06:03:01.0901 2916 NdisWan - ok 06:03:01.0948 2916 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 06:03:01.0979 2916 NDProxy - ok 06:03:02.0010 2916 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 06:03:02.0370 2916 NetBIOS - ok 06:03:02.0448 2916 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 06:03:02.0635 2916 NetBT - ok 06:03:02.0698 2916 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 06:03:02.0885 2916 NetDDE - ok 06:03:02.0917 2916 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 06:03:03.0073 2916 NetDDEdsdm - ok 06:03:03.0120 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 06:03:03.0276 2916 Netlogon - ok 06:03:03.0354 2916 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 06:03:03.0573 2916 Netman - ok 06:03:03.0667 2916 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 06:03:03.0760 2916 Nla - ok 06:03:03.0823 2916 [ 431ADA51E9D032F533548688CE5A2A24 ] nosGetPlusHelper C:\Programme\NOS\bin\getPlus_Helper_3004.dll 06:03:03.0854 2916 nosGetPlusHelper - ok 06:03:03.0885 2916 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 06:03:04.0042 2916 Npfs - ok 06:03:04.0260 2916 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 06:03:04.0620 2916 Ntfs - ok 06:03:04.0651 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 06:03:04.0792 2916 NtLmSsp - ok 06:03:04.0963 2916 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 06:03:05.0323 2916 NtmsSvc - ok 
06:03:05.0338 2916 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 06:03:05.0495 2916 Null - ok 06:03:05.0542 2916 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 06:03:05.0682 2916 NwlnkFlt - ok 06:03:05.0713 2916 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 06:03:05.0854 2916 NwlnkFwd - ok 06:03:05.0901 2916 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 06:03:06.0042 2916 Parport - ok 06:03:06.0088 2916 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 06:03:06.0245 2916 PartMgr - ok 06:03:06.0292 2916 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 06:03:06.0432 2916 ParVdm - ok 06:03:06.0463 2916 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 06:03:06.0620 2916 PCI - ok 06:03:06.0620 2916 PCIDump - ok 06:03:06.0635 2916 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys 06:03:06.0776 2916 PCIIde - ok 06:03:06.0823 2916 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 06:03:06.0979 2916 Pcmcia - ok 06:03:06.0979 2916 PDCOMP - ok 06:03:06.0995 2916 PDFRAME - ok 06:03:06.0995 2916 PDRELI - ok 06:03:07.0010 2916 PDRFRAME - ok 06:03:07.0010 2916 perc2 - ok 06:03:07.0026 2916 perc2hib - ok 06:03:07.0088 2916 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 06:03:07.0135 2916 PlugPlay - ok 06:03:07.0167 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 06:03:07.0307 2916 PolicyAgent - ok 06:03:07.0370 2916 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 06:03:07.0510 2916 PptpMiniport - ok 06:03:07.0526 2916 Profos - ok 06:03:07.0542 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 06:03:07.0682 2916 
ProtectedStorage - ok 06:03:07.0698 2916 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 06:03:07.0854 2916 PSched - ok 06:03:07.0901 2916 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 06:03:08.0042 2916 Ptilink - ok 06:03:08.0057 2916 ql1080 - ok 06:03:08.0057 2916 Ql10wnt - ok 06:03:08.0073 2916 ql12160 - ok 06:03:08.0073 2916 ql1240 - ok 06:03:08.0088 2916 ql1280 - ok 06:03:08.0104 2916 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 06:03:08.0292 2916 RasAcd - ok 06:03:08.0354 2916 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 06:03:08.0526 2916 RasAuto - ok 06:03:08.0557 2916 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 06:03:08.0713 2916 Rasl2tp - ok 06:03:08.0807 2916 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 06:03:08.0995 2916 RasMan - ok 06:03:09.0026 2916 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 06:03:09.0182 2916 RasPppoe - ok 06:03:09.0213 2916 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 06:03:09.0385 2916 Raspti - ok 06:03:09.0448 2916 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 06:03:09.0635 2916 Rdbss - ok 06:03:09.0651 2916 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 06:03:09.0792 2916 RDPCDD - ok 06:03:09.0870 2916 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 06:03:10.0042 2916 rdpdr - ok 06:03:10.0120 2916 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 06:03:10.0229 2916 RDPWD - ok 06:03:10.0292 2916 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 06:03:10.0495 2916 RDSessMgr - ok 06:03:10.0542 2916 [ ED761D453856F795A7FE056E42C36365 ] redbook 
C:\WINDOWS\system32\DRIVERS\redbook.sys 06:03:10.0698 2916 redbook - ok 06:03:10.0760 2916 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 06:03:10.0917 2916 RemoteAccess - ok 06:03:10.0979 2916 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 06:03:11.0151 2916 RemoteRegistry - ok 06:03:11.0198 2916 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 06:03:11.0370 2916 RpcLocator - ok 06:03:11.0495 2916 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll 06:03:11.0588 2916 RpcSs - ok 06:03:11.0667 2916 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 06:03:11.0838 2916 RSVP - ok 06:03:11.0870 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 06:03:12.0010 2916 SamSs - ok 06:03:12.0057 2916 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS 06:03:12.0073 2916 SASDIFSV - ok 06:03:12.0104 2916 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS 06:03:12.0135 2916 SASKUTIL - ok 06:03:12.0182 2916 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 06:03:12.0370 2916 SCardSvr - ok 06:03:12.0463 2916 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 06:03:12.0667 2916 Schedule - ok 06:03:12.0713 2916 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 06:03:12.0776 2916 Secdrv - ok 06:03:12.0792 2916 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 06:03:12.0948 2916 seclogon - ok 06:03:12.0948 2916 Secunia Update Agent - ok 06:03:13.0073 2916 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys 06:03:13.0292 2916 senfilt ( UnsignedFile.Multi.Generic ) - warning 06:03:13.0307 2916 senfilt - detected UnsignedFile.Multi.Generic (1) 06:03:13.0401 2916 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] 
SENS C:\WINDOWS\system32\sens.dll 06:03:13.0573 2916 SENS - ok 06:03:13.0604 2916 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 06:03:13.0745 2916 serenum - ok 06:03:13.0776 2916 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 06:03:13.0917 2916 Serial - ok 06:03:13.0948 2916 [ 8DA9C7FEEDBA52CFD91EE2E2113DF6A9 ] sf C:\WINDOWS\system32\drivers\sf.sys 06:03:13.0948 2916 sf ( UnsignedFile.Multi.Generic ) - warning 06:03:13.0948 2916 sf - detected UnsignedFile.Multi.Generic (1) 06:03:13.0995 2916 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 06:03:14.0167 2916 Sfloppy - ok 06:03:14.0307 2916 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 06:03:14.0635 2916 SharedAccess - ok 06:03:14.0682 2916 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 06:03:14.0713 2916 ShellHWDetection - ok 06:03:14.0729 2916 Simbad - ok 06:03:14.0745 2916 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 06:03:14.0885 2916 SLIP - ok 06:03:14.0995 2916 [ CE52BFFEBFAF1E59553E2885CAB80B52 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys 06:03:15.0088 2916 smwdm ( UnsignedFile.Multi.Generic ) - warning 06:03:15.0088 2916 smwdm - detected UnsignedFile.Multi.Generic (1) 06:03:15.0182 2916 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe 06:03:15.0198 2916 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning 06:03:15.0198 2916 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1) 06:03:15.0198 2916 Sparrow - ok 06:03:15.0213 2916 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 06:03:15.0354 2916 splitter - ok 06:03:15.0401 2916 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 06:03:15.0463 2916 Spooler - ok 
06:03:15.0510 2916 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 06:03:15.0588 2916 sr - ok 06:03:15.0682 2916 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 06:03:15.0807 2916 srservice - ok 06:03:15.0948 2916 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 06:03:16.0167 2916 Srv - ok 06:03:16.0213 2916 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 06:03:16.0323 2916 SSDPSRV - ok 06:03:16.0370 2916 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 06:03:16.0385 2916 ssmdrv - ok 06:03:16.0510 2916 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 06:03:16.0823 2916 stisvc - ok 06:03:16.0854 2916 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 06:03:16.0995 2916 streamip - ok 06:03:17.0042 2916 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 06:03:17.0198 2916 swenum - ok 06:03:17.0229 2916 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 06:03:17.0370 2916 swmidi - ok 06:03:17.0385 2916 SwPrv - ok 06:03:17.0385 2916 symc810 - ok 06:03:17.0401 2916 symc8xx - ok 06:03:17.0401 2916 sym_hi - ok 06:03:17.0417 2916 sym_u3 - ok 06:03:17.0448 2916 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 06:03:17.0588 2916 sysaudio - ok 06:03:17.0651 2916 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 06:03:17.0838 2916 SysmonLog - ok 06:03:17.0917 2916 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 06:03:18.0151 2916 TapiSrv - ok 06:03:18.0292 2916 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 06:03:18.0479 2916 Tcpip - ok 06:03:18.0526 2916 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 06:03:18.0682 2916 TDPIPE - ok 
06:03:18.0698 2916 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 06:03:18.0854 2916 TDTCP - ok 06:03:18.0870 2916 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 06:03:19.0026 2916 TermDD - ok 06:03:19.0167 2916 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 06:03:19.0432 2916 TermService - ok 06:03:19.0495 2916 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 06:03:19.0510 2916 Themes - ok 06:03:19.0573 2916 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 06:03:19.0682 2916 TlntSvr - ok 06:03:19.0682 2916 TosIde - ok 06:03:19.0745 2916 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 06:03:19.0917 2916 TrkWks - ok 06:03:19.0932 2916 Trufos - ok 06:03:19.0995 2916 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 06:03:20.0151 2916 Udfs - ok 06:03:20.0151 2916 ultra - ok 06:03:20.0292 2916 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 06:03:20.0604 2916 Update - ok 06:03:20.0698 2916 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 06:03:20.0823 2916 upnphost - ok 06:03:20.0854 2916 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 06:03:21.0026 2916 UPS - ok 06:03:21.0073 2916 [ D21CDE1C635BCC5053463579EEE453CF ] USBCM C:\WINDOWS\system32\DRIVERS\Sacm2A.sys 06:03:21.0120 2916 USBCM - ok 06:03:21.0167 2916 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 06:03:21.0307 2916 usbehci - ok 06:03:21.0370 2916 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 06:03:21.0510 2916 usbhub - ok 06:03:21.0542 2916 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 06:03:21.0682 2916 USBSTOR - ok 06:03:21.0713 2916 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci 
C:\WINDOWS\system32\DRIVERS\usbuhci.sys 06:03:21.0854 2916 usbuhci - ok 06:03:21.0917 2916 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 06:03:22.0057 2916 VgaSave - ok 06:03:22.0073 2916 ViaIde - ok 06:03:22.0104 2916 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 06:03:22.0276 2916 VolSnap - ok 06:03:22.0401 2916 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 06:03:22.0557 2916 VSS - ok 06:03:22.0620 2916 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 06:03:22.0823 2916 W32Time - ok 06:03:22.0854 2916 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 06:03:22.0995 2916 Wanarp - ok 06:03:22.0995 2916 WDICA - ok 06:03:23.0057 2916 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 06:03:23.0229 2916 wdmaud - ok 06:03:23.0292 2916 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 06:03:23.0448 2916 WebClient - ok 06:03:23.0573 2916 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 06:03:23.0745 2916 winmgmt - ok 06:03:23.0807 2916 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 06:03:23.0963 2916 WmdmPmSN - ok 06:03:24.0182 2916 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 06:03:24.0557 2916 Wmi - ok 06:03:24.0620 2916 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 06:03:24.0807 2916 WmiApSrv - ok 06:03:24.0854 2916 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 06:03:24.0995 2916 WS2IFSL - ok 06:03:25.0057 2916 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 06:03:25.0229 2916 wscsvc - ok 06:03:25.0260 2916 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 06:03:25.0417 2916 WSTCODEC - ok 06:03:25.0432 2916 [ 
7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 06:03:25.0573 2916 wuauserv - ok 06:03:25.0760 2916 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 06:03:26.0151 2916 WZCSVC - ok 06:03:26.0229 2916 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 06:03:26.0417 2916 xmlprov - ok 06:03:26.0432 2916 ================ Scan global =============================== 06:03:26.0479 2916 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 06:03:26.0604 2916 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 06:03:26.0776 2916 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 06:03:26.0823 2916 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 06:03:26.0838 2916 [Global] - ok 06:03:26.0838 2916 ================ Scan MBR ================================== 06:03:26.0870 2916 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 06:03:27.0213 2916 \Device\Harddisk0\DR0 - ok 06:03:27.0213 2916 ================ Scan VBR ================================== 06:03:27.0245 2916 [ 47B58E94A8FFC951B1FCB336F9FAB8B4 ] \Device\Harddisk0\DR0\Partition1 06:03:27.0245 2916 \Device\Harddisk0\DR0\Partition1 - ok 06:03:27.0245 2916 ============================================================ 06:03:27.0245 2916 Scan finished 06:03:27.0245 2916 ============================================================ 06:03:27.0354 1316 Detected object count: 5 06:03:27.0354 1316 Actual detected object count: 5 06:05:30.0620 1316 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user 06:05:30.0620 1316 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:05:30.0635 1316 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user 06:05:30.0635 1316 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:05:30.0635 1316 sf ( UnsignedFile.Multi.Generic ) - skipped by user 06:05:30.0635 1316 sf ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 06:05:30.0635 1316 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user 06:05:30.0635 1316 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:05:30.0635 1316 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user 06:05:30.0635 1316 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip |
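Added example for triaging a log like the TDSSKiller one above (this is not part of the poster's thread or of TDSSKiller): a small Python parser for the "Scan services" section. It pulls out, per service, the MD5, image path, verdict and the user's final action, so the five `UnsignedFile.Multi.Generic` hits (aeaudio, senfilt, sf, smwdm, SoundMAX Agent Service) can be listed next to what was done about them, and it cross-checks the parsed hits against the "Detected object count" line to catch lines lost in copy/paste. The verdict string itself only says the file has no digital signature; whether an unsigned audio driver is legitimate still has to be judged per file (vendor, path, hash lookup). The sample log is a subset of lines copied from the post and embedded inline as constructed input.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes TDSSKiller writes in the "Scan services" section (as seen above):
#   <ts> <pid> [ <MD5> ] <service name> <image path>
#   <ts> <pid> <service name> - ok
#   <ts> <pid> <service name> ( <verdict> ) - warning
#   <ts> <pid> <service name> - detected <verdict> (<n>)
#   <ts> <pid> <service name> ( <verdict> ) - skipped by user
#   <ts> <pid> <service name> ( <verdict> ) - User select action: <action>
TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) "
HASH_RE = re.compile(TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
# Service names may contain spaces and parentheses ("SoundMAX Agent Service (default)"),
# so the name/path split is made at the first token that looks like a drive path.
PATH_SPLIT_RE = re.compile(r"^(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
STATUS_RE = re.compile(TS + r"(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>.+)$")
COUNT_RE = re.compile(r"Detected object count: (\d+)")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = ""               # "ok", "warning" or "detected"
    verdict: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    action: Optional[str] = None   # what the user chose at the end, e.g. Skip


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Merge hash, status and user-action lines into one Entry per service name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            rest = m.group("rest")
            pm = PATH_SPLIT_RE.match(rest)
            name, path = (pm.group("name"), pm.group("path")) if pm else (rest, None)
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = m.group("md5").upper(), path
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue  # section headers, object counts, blank lines
        e = entries.setdefault(m.group("name"), Entry(m.group("name")))
        status = m.group("status")
        if m.group("verdict"):
            e.verdict = m.group("verdict")
        if status.startswith("detected "):
            e.status = "detected"
            e.verdict = re.sub(r" \(\d+\)$", "", status[len("detected "):])
        elif status.startswith("User select action: "):
            e.action = status[len("User select action: "):]
        elif status == "skipped by user":
            e.action = e.action or "Skip"
        else:
            e.status = status  # "ok" or "warning"
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Every service TDSSKiller attached a verdict to, in name order."""
    return sorted((e for e in entries.values() if e.verdict), key=lambda e: e.name.lower())


def unhashed(entries: Dict[str, Entry]) -> List[str]:
    """Names that only got a status line, i.e. no image file was hashed for them."""
    return sorted(e.name for e in entries.values() if e.md5 is None)


def hash_conflicts(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Image paths that several service entries share but with differing MD5s.
    Services hosted in one binary (lsass.exe: Netlogon, NtLmSsp, SamSs, ...) must agree."""
    by_path: Dict[str, set] = {}
    for e in entries.values():
        if e.path and e.md5:
            by_path.setdefault(e.path.lower(), set()).add(e.md5)
    return {p: sorted(h) for p, h in by_path.items() if len(h) > 1}


def reported_count(text: str) -> Optional[int]:
    """The object count TDSSKiller itself reports, to compare with len(flagged())."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


# Constructed sample: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
================ Scan services =============================
06:02:37.0979 2916 Abiosdsk - ok
06:02:38.0870 2916 [ CDE1F62FE63631B932ACE2249FB11DA0 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
06:02:38.0917 2916 aeaudio ( UnsignedFile.Multi.Generic ) - warning
06:02:38.0917 2916 aeaudio - detected UnsignedFile.Multi.Generic (1)
06:02:38.0979 2916 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
06:02:39.0167 2916 aec - ok
06:03:03.0120 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
06:03:03.0276 2916 Netlogon - ok
06:03:04.0651 2916 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
06:03:04.0792 2916 NtLmSsp - ok
06:03:15.0182 2916 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
06:03:15.0198 2916 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
06:03:15.0198 2916 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
06:03:27.0354 1316 Detected object count: 5
06:05:30.0620 1316 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
06:05:30.0620 1316 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:05:30.0635 1316 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
06:05:30.0635 1316 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"{e.name}: {e.verdict} md5={e.md5} path={e.path} action={e.action}")
    hits, claimed = len(flagged(parsed)), reported_count(SAMPLE_LOG)
    if claimed is not None and claimed != hits:
        print(f"warning: log reports {claimed} objects, parsed {hits} (truncated paste?)")
    if hash_conflicts(parsed):
        print("hash conflicts:", hash_conflicts(parsed))
```

Run against the full log pasted in the thread, the count check should come out even (5 reported, 5 flagged); on the excerpt above it deliberately does not, which is the situation you see when a poster trims or a forum wraps the log.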