| |
| |||||||
Log-Analyse und Auswertung: Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
03.02.2012, 15:51
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Rootkit.Win32.TDSS.tdl3 bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
03.02.2012, 16:46
| #17 |
 | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! erledigt, hier das neue log:
__________________Code:
ATTFilter 16:41:04.0611 5484 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:41:04.0830 5484 ============================================================
16:41:04.0830 5484 Current date / time: 2012/02/03 16:41:04.0830
16:41:04.0830 5484 SystemInfo:
16:41:04.0830 5484
16:41:04.0830 5484 OS Version: 6.0.6002 ServicePack: 2.0
16:41:04.0830 5484 Product type: Workstation
16:41:04.0830 5484 ComputerName: FMNOTEBOOK
16:41:04.0830 5484 UserName: Fabian
16:41:04.0830 5484 Windows directory: C:\Windows
16:41:04.0830 5484 System windows directory: C:\Windows
16:41:04.0830 5484 Processor architecture: Intel x86
16:41:04.0830 5484 Number of processors: 2
16:41:04.0830 5484 Page size: 0x1000
16:41:04.0830 5484 Boot type: Normal boot
16:41:04.0830 5484 ============================================================
16:41:06.0406 5484 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:41:06.0438 5484 \Device\Harddisk0\DR0:
16:41:06.0469 5484 MBR used
16:41:06.0469 5484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
16:41:06.0469 5484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x110E97F8
16:41:06.0672 5484 Initialize success
16:41:06.0672 5484 ============================================================
16:42:03.0549 5896 ============================================================
16:42:03.0549 5896 Scan started
16:42:03.0549 5896 Mode: Manual; SigCheck; TDLFS;
16:42:03.0549 5896 ============================================================
16:42:07.0153 5896 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:42:07.0402 5896 ACPI - ok
16:42:08.0276 5896 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:42:08.0416 5896 adp94xx - ok
16:42:08.0557 5896 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:42:08.0619 5896 adpahci - ok
16:42:08.0666 5896 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:42:08.0697 5896 adpu160m - ok
16:42:08.0744 5896 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:42:08.0760 5896 adpu320 - ok
16:42:08.0947 5896 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
16:42:09.0118 5896 Afc - ok
16:42:10.0195 5896 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:42:10.0444 5896 AFD - ok
16:42:10.0897 5896 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
16:42:10.0944 5896 agp440 - ok
16:42:11.0115 5896 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:42:11.0162 5896 aic78xx - ok
16:42:11.0209 5896 aliide (e32a92e1574a467f7c762922f6162d76) C:\Windows\system32\drivers\aliide.sys
16:42:11.0240 5896 aliide - ok
16:42:11.0365 5896 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
16:42:11.0396 5896 amdagp - ok
16:42:11.0458 5896 amdide (b52b576cb0099a62f87214f371031561) C:\Windows\system32\drivers\amdide.sys
16:42:11.0474 5896 amdide - ok
16:42:11.0521 5896 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:42:12.0706 5896 AmdK7 - ok
16:42:12.0956 5896 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:42:13.0159 5896 AmdK8 - ok
16:42:13.0377 5896 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:42:13.0486 5896 ApfiltrService - ok
16:42:14.0032 5896 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:42:14.0064 5896 arc - ok
16:42:14.0157 5896 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:42:14.0188 5896 arcsas - ok
16:42:14.0313 5896 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:42:14.0454 5896 AsyncMac - ok
16:42:14.0578 5896 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:42:14.0594 5896 atapi - ok
16:42:14.0672 5896 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
16:42:14.0703 5896 avgntflt - ok
16:42:14.0906 5896 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
16:42:15.0000 5896 avipbb - ok
16:42:15.0452 5896 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
16:42:15.0530 5896 avkmgr - ok
16:42:15.0842 5896 BCM42RLY - ok
16:42:15.0967 5896 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:42:16.0045 5896 BCM43XX - ok
16:42:16.0170 5896 blbdrive - ok
16:42:16.0248 5896 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\Windows\system32\DRIVERS\blueletaudio.sys
16:42:16.0279 5896 BlueletAudio - ok
16:42:16.0294 5896 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
16:42:16.0310 5896 BlueletSCOAudio - ok
16:42:16.0528 5896 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:42:16.0622 5896 bowser - ok
16:42:16.0778 5896 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:42:16.0903 5896 BrFiltLo - ok
16:42:17.0012 5896 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:42:17.0074 5896 BrFiltUp - ok
16:42:17.0152 5896 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:42:17.0246 5896 Brserid - ok
16:42:17.0355 5896 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:42:17.0449 5896 BrSerWdm - ok
16:42:17.0480 5896 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:42:17.0558 5896 BrUsbMdm - ok
16:42:17.0683 5896 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:42:17.0792 5896 BrUsbSer - ok
16:42:17.0901 5896 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\Windows\system32\DRIVERS\btnetdrv.sys
16:42:17.0917 5896 BT - ok
16:42:18.0042 5896 Btcsrusb (da473d279420234170da795f1cad4479) C:\Windows\system32\Drivers\btcusb.sys
16:42:18.0057 5896 Btcsrusb - ok
16:42:18.0151 5896 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
16:42:18.0229 5896 BthEnum - ok
16:42:18.0322 5896 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\Windows\system32\Drivers\vbtenum.sys
16:42:18.0338 5896 BTHidEnum - ok
16:42:18.0400 5896 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\Windows\system32\Drivers\BTHidMgr.sys
16:42:18.0416 5896 BTHidMgr - ok
16:42:18.0478 5896 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:42:18.0541 5896 BTHMODEM - ok
16:42:18.0666 5896 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
16:42:18.0759 5896 BthPan - ok
16:42:19.0134 5896 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
16:42:19.0336 5896 BTHPORT - ok
16:42:19.0477 5896 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
16:42:19.0555 5896 BTHUSB - ok
16:42:19.0695 5896 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
16:42:19.0742 5896 btwaudio - ok
16:42:19.0804 5896 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
16:42:19.0836 5896 btwavdt - ok
16:42:19.0960 5896 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
16:42:19.0992 5896 btwrchid - ok
16:42:20.0070 5896 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:42:20.0132 5896 cdfs - ok
16:42:20.0350 5896 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:42:20.0538 5896 cdrom - ok
16:42:20.0662 5896 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:42:20.0803 5896 circlass - ok
16:42:20.0865 5896 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:42:20.0896 5896 CLFS - ok
16:42:21.0099 5896 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:42:21.0193 5896 CmBatt - ok
16:42:21.0318 5896 cmdide (c177dd90b5dc1dcaa96ccece752e6f0f) C:\Windows\system32\drivers\cmdide.sys
16:42:21.0349 5896 cmdide - ok
16:42:21.0411 5896 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:42:21.0458 5896 Compbatt - ok
16:42:21.0474 5896 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:42:21.0489 5896 crcdisk - ok
16:42:21.0520 5896 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:42:21.0645 5896 Crusoe - ok
16:42:21.0864 5896 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:42:21.0973 5896 DfsC - ok
16:42:22.0129 5896 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:42:22.0176 5896 disk - ok
16:42:22.0269 5896 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:42:22.0347 5896 drmkaud - ok
16:42:22.0597 5896 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:42:22.0659 5896 DXGKrnl - ok
16:42:23.0065 5896 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
16:42:23.0205 5896 e1express - ok
16:42:23.0330 5896 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:42:23.0439 5896 E1G60 - ok
16:42:23.0533 5896 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:42:23.0564 5896 Ecache - ok
16:42:23.0689 5896 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:42:23.0798 5896 elxstor - ok
16:42:24.0266 5896 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:42:24.0453 5896 exfat - ok
16:42:24.0984 5896 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:42:25.0093 5896 fastfat - ok
16:42:25.0249 5896 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:42:25.0389 5896 fdc - ok
16:42:25.0498 5896 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:42:25.0545 5896 FileInfo - ok
16:42:25.0654 5896 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:42:25.0701 5896 Filetrace - ok
16:42:25.0779 5896 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:42:25.0888 5896 flpydisk - ok
16:42:25.0998 5896 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:42:26.0029 5896 FltMgr - ok
16:42:26.0200 5896 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:42:26.0278 5896 Fs_Rec - ok
16:42:26.0388 5896 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:42:26.0419 5896 gagp30kx - ok
16:42:26.0544 5896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:42:26.0559 5896 GEARAspiWDM - ok
16:42:26.0809 5896 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:42:26.0934 5896 HDAudBus - ok
16:42:27.0043 5896 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:42:27.0152 5896 HidBth - ok
16:42:27.0183 5896 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:42:27.0277 5896 HidIr - ok
16:42:27.0417 5896 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:42:27.0542 5896 HidUsb - ok
16:42:27.0807 5896 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:42:27.0885 5896 HpCISSs - ok
16:42:28.0774 5896 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:42:29.0445 5896 HSF_DPV - ok
16:42:30.0100 5896 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:42:30.0256 5896 HSXHWAZL - ok
16:42:30.0662 5896 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:42:30.0834 5896 HTTP - ok
16:42:31.0270 5896 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:42:31.0333 5896 i2omp - ok
16:42:31.0972 5896 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:42:32.0113 5896 i8042prt - ok
16:42:32.0596 5896 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
16:42:32.0628 5896 iaStor - ok
16:42:33.0220 5896 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:42:33.0298 5896 iaStorV - ok
16:42:34.0312 5896 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:42:36.0169 5896 igfx - ok
16:42:36.0699 5896 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:42:36.0746 5896 iirsp - ok
16:42:37.0323 5896 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
16:42:37.0526 5896 IntcHdmiAddService - ok
16:42:38.0041 5896 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\DRIVERS\intelide.sys
16:42:38.0088 5896 intelide - ok
16:42:38.0556 5896 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:42:38.0649 5896 intelppm - ok
16:42:38.0992 5896 IpInIp - ok
16:42:39.0382 5896 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:42:39.0726 5896 IPMIDRV - ok
16:42:40.0084 5896 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:42:40.0209 5896 IPNAT - ok
16:42:40.0911 5896 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:42:41.0020 5896 IRENUM - ok
16:42:41.0644 5896 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
16:42:41.0722 5896 isapnp - ok
16:42:41.0878 5896 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:42:41.0910 5896 iScsiPrt - ok
16:42:42.0081 5896 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:42:42.0159 5896 iteatapi - ok
16:42:42.0721 5896 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:42:42.0783 5896 iteraid - ok
16:42:43.0126 5896 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:42:43.0236 5896 kbdclass - ok
16:42:43.0610 5896 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:42:43.0704 5896 kbdhid - ok
16:42:44.0156 5896 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:42:44.0967 5896 KSecDD - ok
16:42:45.0264 5896 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:42:45.0404 5896 lltdio - ok
16:42:46.0028 5896 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:42:46.0122 5896 LSI_FC - ok
16:42:46.0480 5896 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:42:46.0558 5896 LSI_SAS - ok
16:42:47.0011 5896 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:42:47.0089 5896 LSI_SCSI - ok
16:42:47.0619 5896 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:42:47.0869 5896 luafv - ok
16:42:48.0072 5896 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:42:48.0181 5896 mdmxsdk - ok
16:42:48.0696 5896 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:42:48.0805 5896 megasas - ok
16:42:49.0179 5896 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:42:49.0320 5896 Modem - ok
16:42:49.0772 5896 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:42:49.0834 5896 monitor - ok
16:42:50.0256 5896 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:42:50.0318 5896 mouclass - ok
16:42:50.0942 5896 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:42:51.0082 5896 mouhid - ok
16:42:51.0816 5896 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:42:52.0065 5896 MountMgr - ok
16:42:52.0642 5896 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:42:54.0124 5896 mpio - ok
16:42:54.0655 5896 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:42:55.0107 5896 mpsdrv - ok
16:42:55.0653 5896 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:42:55.0747 5896 Mraid35x - ok
16:42:56.0293 5896 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:42:56.0527 5896 MRxDAV - ok
16:42:56.0995 5896 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:42:57.0166 5896 mrxsmb - ok
16:42:57.0884 5896 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:42:58.0134 5896 mrxsmb10 - ok
16:42:58.0539 5896 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:42:58.0680 5896 mrxsmb20 - ok
16:42:59.0101 5896 msahci (2681302b63b318cbea6c82902ac5428c) C:\Windows\system32\drivers\msahci.sys
16:42:59.0194 5896 msahci - ok
16:42:59.0990 5896 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:43:00.0052 5896 msdsm - ok
16:43:00.0364 5896 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:43:00.0520 5896 Msfs - ok
16:43:01.0035 5896 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:43:01.0098 5896 msisadrv - ok
16:43:01.0628 5896 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:43:01.0784 5896 MSKSSRV - ok
16:43:02.0548 5896 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:02.0673 5896 MSPCLOCK - ok
16:43:03.0360 5896 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:43:03.0531 5896 MSPQM - ok
16:43:03.0781 5896 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:43:03.0890 5896 MsRPC - ok
16:43:04.0498 5896 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:43:04.0514 5896 mssmbios - ok
16:43:04.0654 5896 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:43:04.0779 5896 MSTEE - ok
16:43:05.0091 5896 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:43:05.0185 5896 Mup - ok
16:43:05.0590 5896 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:43:05.0715 5896 NativeWifiP - ok
16:43:06.0480 5896 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:43:06.0558 5896 NDIS - ok
16:43:07.0057 5896 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:07.0431 5896 NdisTapi - ok
16:43:07.0930 5896 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:08.0164 5896 Ndisuio - ok
16:43:08.0508 5896 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:08.0632 5896 NdisWan - ok
16:43:09.0022 5896 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:43:09.0178 5896 NDProxy - ok
16:43:09.0724 5896 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:43:09.0849 5896 NetBIOS - ok
16:43:10.0473 5896 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:43:10.0645 5896 netbt - ok
16:43:11.0628 5896 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:43:11.0690 5896 nfrd960 - ok
16:43:12.0111 5896 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:43:12.0236 5896 Npfs - ok
16:43:12.0798 5896 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:43:12.0954 5896 nsiproxy - ok
16:43:14.0638 5896 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:43:15.0574 5896 Ntfs - ok
16:43:15.0964 5896 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:43:16.0136 5896 ntrigdigi - ok
16:43:16.0713 5896 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:43:16.0807 5896 Null - ok
16:43:17.0462 5896 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:43:17.0556 5896 nvraid - ok
16:43:18.0086 5896 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:43:18.0195 5896 nvstor - ok
16:43:18.0585 5896 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
16:43:18.0679 5896 nv_agp - ok
16:43:19.0131 5896 NwlnkFlt - ok
16:43:19.0194 5896 NwlnkFwd - ok
16:43:19.0771 5896 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
16:43:19.0974 5896 OEM02Dev - ok
16:43:20.0426 5896 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
16:43:20.0504 5896 OEM02Vfx - ok
16:43:20.0863 5896 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:43:20.0956 5896 ohci1394 - ok
16:43:21.0440 5896 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:43:21.0627 5896 Parport - ok
16:43:22.0158 5896 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:43:22.0251 5896 partmgr - ok
16:43:22.0563 5896 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:43:22.0782 5896 Parvdm - ok
16:43:23.0218 5896 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:43:23.0343 5896 pci - ok
16:43:23.0764 5896 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
16:43:23.0858 5896 pciide - ok
16:43:24.0654 5896 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:43:24.0716 5896 pcmcia - ok
16:43:25.0543 5896 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:43:26.0151 5896 PEAUTH - ok
16:43:26.0853 5896 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:43:26.0978 5896 PptpMiniport - ok
16:43:27.0384 5896 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:43:27.0571 5896 Processor - ok
16:43:28.0117 5896 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:43:28.0273 5896 PSched - ok
16:43:28.0975 5896 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
16:43:29.0100 5896 PxHelp20 - ok
16:43:29.0786 5896 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:43:30.0036 5896 ql2300 - ok
16:43:30.0472 5896 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:43:30.0566 5896 ql40xx - ok
16:43:31.0096 5896 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:43:31.0408 5896 QWAVEdrv - ok
16:43:32.0376 5896 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:34.0216 5896 R300 - ok
16:43:34.0825 5896 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:43:34.0903 5896 RasAcd - ok
16:43:35.0355 5896 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:43:35.0511 5896 Rasl2tp - ok
16:43:36.0026 5896 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:43:36.0151 5896 RasPppoe - ok
16:43:36.0634 5896 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:43:36.0759 5896 RasSstp - ok
16:43:37.0180 5896 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:43:37.0399 5896 rdbss - ok
16:43:37.0914 5896 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:43:38.0007 5896 RDPCDD - ok
16:43:38.0460 5896 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
16:43:38.0631 5896 rdpdr - ok
16:43:39.0536 5896 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:43:39.0708 5896 RDPENCDD - ok
16:43:40.0285 5896 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:43:40.0410 5896 RDPWD - ok
16:43:41.0346 5896 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
16:43:41.0486 5896 RFCOMM - ok
16:43:41.0938 5896 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
16:43:42.0079 5896 rimmptsk - ok
16:43:42.0625 5896 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
16:43:42.0781 5896 rimsptsk - ok
16:43:43.0264 5896 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
16:43:43.0389 5896 rismxdp - ok
16:43:43.0998 5896 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
16:43:44.0138 5896 ROOTMODEM - ok
16:43:44.0887 5896 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:43:45.0183 5896 rspndr - ok
16:43:45.0542 5896 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:43:45.0589 5896 sbp2port - ok
16:43:46.0088 5896 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
16:43:46.0182 5896 sdbus - ok
16:43:46.0712 5896 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:43:46.0852 5896 secdrv - ok
16:43:47.0102 5896 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
16:43:47.0227 5896 Serenum - ok
16:43:47.0710 5896 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:43:47.0944 5896 Serial - ok
16:43:48.0459 5896 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:43:48.0568 5896 sermouse - ok
16:43:49.0083 5896 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
16:43:49.0224 5896 sffdisk - ok
16:43:50.0300 5896 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
16:43:50.0456 5896 sffp_mmc - ok
16:43:50.0986 5896 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:43:51.0127 5896 sffp_sd - ok
16:43:51.0517 5896 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:43:51.0720 5896 sfloppy - ok
16:43:52.0297 5896 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
16:43:52.0390 5896 sisagp - ok
16:43:52.0827 5896 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:43:52.0905 5896 SiSRaid2 - ok
16:43:53.0514 5896 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:43:53.0607 5896 SiSRaid4 - ok
16:43:54.0075 5896 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:43:54.0216 5896 Smb - ok
16:43:54.0808 5896 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:43:54.0902 5896 spldr - ok
16:43:55.0495 5896 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:43:55.0698 5896 srv - ok
16:43:56.0244 5896 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:43:56.0446 5896 srv2 - ok
16:43:56.0992 5896 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:43:57.0102 5896 srvnet - ok
16:43:57.0554 5896 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:43:57.0632 5896 ssmdrv - ok
16:43:58.0318 5896 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
16:43:58.0646 5896 STHDA - ok
16:43:59.0067 5896 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:43:59.0130 5896 swenum - ok
16:43:59.0598 5896 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:43:59.0722 5896 Symc8xx - ok
16:44:00.0175 5896 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:44:00.0237 5896 Sym_hi - ok
16:44:00.0799 5896 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:44:00.0892 5896 Sym_u3 - ok
16:44:01.0470 5896 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
16:44:02.0125 5896 Tcpip - ok
16:44:02.0577 5896 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
16:44:02.0655 5896 Tcpip6 - ok
16:44:03.0170 5896 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
16:44:03.0279 5896 tcpipreg - ok
16:44:03.0856 5896 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:44:04.0012 5896 TDPIPE - ok
16:44:04.0558 5896 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:44:04.0746 5896 TDTCP - ok
16:44:05.0198 5896 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:44:05.0354 5896 tdx - ok
16:44:05.0697 5896 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:44:05.0791 5896 TermDD - ok
16:44:06.0212 5896 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:44:06.0337 5896 tssecsrv - ok
16:44:06.0805 5896 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:44:06.0945 5896 tunmp - ok
16:44:07.0460 5896 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:44:07.0632 5896 tunnel - ok
16:44:08.0240 5896 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:44:08.0318 5896 uagp35 - ok
16:44:08.0880 5896 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:44:09.0036 5896 udfs - ok
16:44:09.0582 5896 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
16:44:09.0660 5896 uliagpkx - ok
16:44:10.0299 5896 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:44:10.0455 5896 uliahci - ok
16:44:10.0845 5896 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:44:10.0939 5896 UlSata - ok
16:44:11.0407 5896 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:44:11.0516 5896 ulsata2 - ok
16:44:11.0906 5896 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:44:12.0046 5896 umbus - ok
16:44:12.0624 5896 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:44:12.0764 5896 usbccgp - ok
16:44:13.0045 5896 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:44:13.0279 5896 usbcir - ok
16:44:13.0918 5896 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:44:14.0043 5896 usbehci - ok
16:44:14.0402 5896 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:44:14.0589 5896 usbhub - ok
16:44:15.0073 5896 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:44:15.0260 5896 usbohci - ok
16:44:16.0040 5896 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:44:16.0383 5896 usbprint - ok
16:44:17.0038 5896 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:44:17.0226 5896 usbscan - ok
16:44:17.0803 5896 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:44:17.0959 5896 USBSTOR - ok
16:44:18.0552 5896 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:44:18.0661 5896 usbuhci - ok
16:44:19.0144 5896 VComm (51750b0539986186c6931fc40d171521) C:\Windows\system32\DRIVERS\VComm.sys
16:44:19.0222 5896 VComm - ok
16:44:19.0628 5896 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\Windows\system32\Drivers\VcommMgr.sys
16:44:19.0722 5896 VcommMgr - ok
16:44:20.0221 5896 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:44:20.0424 5896 vga - ok
16:44:20.0892 5896 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:44:21.0032 5896 VgaSave - ok
16:44:21.0656 5896 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
16:44:21.0750 5896 viaagp - ok
16:44:22.0296 5896 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:44:22.0498 5896 ViaC7 - ok
16:44:23.0278 5896 viaide (689547ce911998d1e0da7a5992e025fc) C:\Windows\system32\drivers\viaide.sys
16:44:23.0356 5896 viaide - ok
16:44:23.0512 5896 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:44:23.0575 5896 volmgr - ok
16:44:23.0934 5896 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:44:24.0058 5896 volmgrx - ok
16:44:24.0573 5896 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:44:24.0667 5896 volsnap - ok
16:44:25.0197 5896 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
16:44:25.0275 5896 vpnva - ok
16:44:25.0774 5896 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:44:25.0868 5896 vsmraid - ok
16:44:26.0274 5896 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:44:26.0445 5896 WacomPen - ok
16:44:26.0960 5896 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:44:27.0100 5896 Wanarp - ok
16:44:27.0116 5896 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:44:27.0163 5896 Wanarpv6 - ok
16:44:27.0537 5896 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:44:27.0646 5896 Wd - ok
16:44:28.0177 5896 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:44:28.0348 5896 Wdf01000 - ok
16:44:28.0832 5896 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:44:28.0972 5896 winachsf - ok
16:44:29.0581 5896 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:44:29.0659 5896 WmiAcpi - ok
16:44:30.0018 5896 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:44:30.0174 5896 WpdUsb - ok
16:44:30.0298 5896 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:44:30.0423 5896 ws2ifsl - ok
16:44:30.0548 5896 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:30.0657 5896 WUDFRd - ok
16:44:30.0735 5896 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
16:44:30.0782 5896 XAudio - ok
16:44:30.0922 5896 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
16:44:31.0032 5896 yukonwlh - ok
16:44:31.0110 5896 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:44:31.0297 5896 \Device\Harddisk0\DR0 - ok
16:44:31.0344 5896 Boot (0x1200) (293e1023632a465dd237e47019bdb3dc) \Device\Harddisk0\DR0\Partition0
16:44:31.0344 5896 \Device\Harddisk0\DR0\Partition0 - ok
16:44:31.0344 5896 Boot (0x1200) (36f83092e4e3be7d2f2c7764cab9bc57) \Device\Harddisk0\DR0\Partition1
16:44:31.0359 5896 \Device\Harddisk0\DR0\Partition1 - ok
16:44:31.0359 5896 ============================================================
16:44:31.0359 5896 Scan finished
16:44:31.0359 5896 ============================================================
16:44:31.0390 5888 Detected object count: 0
16:44:31.0390 5888 Actual detected object count: 0
|
|
04.02.2012, 13:30
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
04.02.2012, 15:00
| #19 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! combofix erledigt, hier das log: Combofix Logfile: Code:
ATTFilter ComboFix 12-02-03.02 - Fabian 04.02.2012 14:28:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.1116 [GMT 1:00]
ausgeführt von:: c:\users\Babe\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Fabian\AppData\Local\assembly\tmp
c:\users\Fabian\AppData\Local\TempDIR
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-04 bis 2012-02-04 ))))))))))))))))))))))))))))))
.
.
2012-02-04 13:39 . 2012-02-04 13:40 -------- d-----w- c:\users\Fabian\AppData\Local\temp
2012-02-04 13:39 . 2012-02-04 13:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-04 13:39 . 2012-02-04 13:39 -------- d-----w- c:\users\Babe 2\AppData\Local\temp
2012-02-04 11:50 . 2012-02-04 11:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A92AF949-71F4-4C5F-A94A-789D2B120303}\offreg.dll
2012-02-03 15:34 . 2012-02-03 15:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-03 14:23 . 2012-02-03 14:23 -------- d-----w- c:\users\Babe\AppData\Roaming\TuneUp Software
2012-02-03 14:14 . 2012-02-03 14:14 -------- d-----w- c:\users\Fabian\AppData\Roaming\TuneUp Software
2012-02-03 14:12 . 2012-02-03 14:15 -------- d-----w- c:\programdata\TuneUp Software
2012-02-03 14:12 . 2012-02-03 14:12 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-03 13:30 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A92AF949-71F4-4C5F-A94A-789D2B120303}\mpengine.dll
2012-02-02 18:07 . 2012-02-02 18:07 -------- d-----w- C:\_OTL
2012-01-31 22:32 . 2012-02-03 23:51 -------- d-----w- c:\users\Babe\AppData\Local\PokerStars
2012-01-31 00:11 . 2012-01-31 00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-30 21:33 . 2012-01-30 21:33 -------- d-----w- c:\program files\ESET
2012-01-28 20:13 . 2012-01-28 20:14 -------- d-----w- c:\users\Fabian\AppData\Local\PokerStars
2012-01-28 20:13 . 2012-01-28 20:13 -------- d-----w- c:\program files\PokerStars
2012-01-28 20:05 . 2012-01-28 20:08 -------- d-----w- c:\users\Babe\AppData\Local\FullTiltPoker
2012-01-28 19:54 . 2012-01-28 19:54 -------- d-----w- c:\users\Babe\AppData\Local\Conduit
2012-01-25 11:10 . 2012-01-25 11:10 -------- d-----w- C:\Fabian_abOktober10
2012-01-23 18:51 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-23 18:51 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-23 18:51 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-23 18:51 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 18:51 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 18:51 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-23 18:39 . 2012-01-23 18:39 -------- d-----w- c:\program files\iPod
2012-01-23 18:39 . 2012-01-23 18:39 -------- d-----w- C:\Fabian_abMai08
2012-01-23 11:53 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-23 11:53 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-23 11:53 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-23 11:52 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-23 11:52 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-23 11:52 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-23 11:52 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-23 11:52 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-23 11:40 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-23 11:21 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-23 11:21 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-23 11:21 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-23 11:20 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-23 11:19 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 15:36 . 2009-10-21 10:48 226280 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-01-26 23:21 . 2009-10-02 16:34 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 18:23 . 2011-05-15 17:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-08 21:39 . 2011-10-15 08:20 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-30 18:39 . 2011-03-22 19:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ---ha-w- c:\users\Fabian\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"iTunesHelper"="c:\fabian_abmai08\Programme\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
" Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2011-12-24 1080904]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-26 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
SetPoint.lnk - c:\programme\SetPoint\SetPoint.exe [2008-5-10 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 15:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 09:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\fabian_abmai08\Programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ---ha-w- c:\fabian_abjan10\Programme\TomTom\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3497887377-387843333-1673539603-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001Core.job
- c:\users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 01:24]
.
2012-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001UA.job
- c:\users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-05 01:24]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 15:22]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 15:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D40413F7-9AC5-46FE-84B2-EDA3193D2645}: NameServer = 10.10.10.1
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-conhost - c:\users\Fabian\AppData\Roaming\Microsoft\conhost.exe
SafeBoot-85869856.sys
MSConfigStartUp-13906258451053471646257583519029 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-oovoo - c:\program files\ooVoo\oovoo.exe
AddRemove-Excel to PDF Converter_is1 - c:\fabian_ab13oktober08\Programme\xls2pdf\unins000.exe
AddRemove-Free M4a to MP3 Converter_is1 - c:\fabian_aboktober10\Programme\Youtube converter\mp4 to mp3\unins000.exe
AddRemove-gretl_is1 - c:\fabian_aboktober10\Programme\gretl\unins000.exe
AddRemove-Icy Tower v1.4_is1 - c:\fabian_aboktober10\Programme\Icy Tower\icytower1.4\unins000.exe
AddRemove-PDF to Excel 22_is1 - c:\fabian_ab13oktober08\Programme\PDF to Excel 22\unins000.exe
AddRemove-PokerStars.net - c:\program files\PokerStars.NET\PokerStarsUninstall.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-Winamp Toolbar for Firefox - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\t9k1hfdu.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-04 14:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,d3,bd,9d,7a,53,c7,4c,87,9e,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,d3,bd,9d,7a,53,c7,4c,87,9e,fd,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6092)
c:\programme\SetPoint\lgscroll.dll
.
Zeit der Fertigstellung: 2012-02-04 14:55:36
ComboFix-quarantined-files.txt 2012-02-04 13:55
.
Vor Suchlauf: 24 Verzeichnis(se), 19.645.906.944 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 19.802.968.064 Bytes frei
.
- - End Of File - - 0498577B19624A1B44EA64FAA15109B2
|
|
05.02.2012, 18:34
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.02.2012, 23:13
| #21 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! hi, GMER ist leider immer abgestürzt. anbei die beiden logs von OSAM und aswMBR. da ich mir nicht selber antworten kann (sonst siehst du nicht mehr, dass ich geschrieben hab..) bitte mir schreiben wenn das prozedere mit den logs machen vorbei ist, nur damit ich das weiß OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:46:46 on 06.02.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001Core.job" - "Facebook Inc." - C:\Users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-3497887377-387843333-1673539603-1001UA.job" - "Facebook Inc." - C:\Users\Babe\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\Windows\system32\BCMWLCPL.CPL "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "DMdm32.cpl" - ? - C:\Windows\system32\DMdm32.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "BCM42RLY" (BCM42RLY) - ? - C:\Windows\System32\drivers\BCM42RLY.sys (File not found) "Beep" (Beep) - ? - C:\Windows\system32\drivers\Beep.sys (File not found) "catchme" (catchme) - ? - C:\Users\Fabian\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\FA0E9B~1\PROGRA~1\YOUTUB~1\MP4TOM~1\m4a_menu.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Fabian_abMai08\Programme\iTunes\iTunesMiniPlayer.dll {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - (File not found) {8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} "IZArc Shell Context Menu" - ? - (File not found) {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech Inc." - C:\Programme\SetPoint\kbcplext.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech Inc." - C:\Programme\SetPoint\mcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.0.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ6" - "ICQ, LLC." - C:\Fabian_abAugust09\Programme\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe (Shortcut exists | File exists) "QuickSet.lnk" - "Dell Inc." - C:\Program Files\Dell\QuickSet\quickset.exe (Shortcut exists | File exists) "SetPoint.lnk" - "Logitech Inc." - C:\Programme\SetPoint\SetPoint.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "dellsupportcenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter "dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" "FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "iTunesHelper" - "Apple Inc." - "C:\Fabian_abMai08\Programme\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "OrderReminder" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe "PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe" "SearchSettings" - "GreenTree Applications, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- " Malwarebytes Anti-Malware " - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent " Malwarebytes Anti-Malware (cleanup)" - "Malwarebytes Corporation" - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFConverter" - ? - C:\Windows\system32\pdfmonnt.dll (File found, but it contains no detailed information) "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "PrimoMon" - ? - C:\Windows\system32\Primomonnt.dll (File found, but it contains no detailed information) "Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "VeryPDF" - ? - C:\Windows\system32\_pdfxp.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ArcSoft Connect Daemon" (ACDaemon) - ? - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (File not found) "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Program Files\Canon\CAL\CALMAIN.exe "Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE (File found, but it contains no detailed information) "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "SafeConnect Manager" (SCManager) - "Impulse Point, LLC" - C:\Program Files\SafeConnect\scManager.sys "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe "SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Fabian_abJan10\Programme\TomTom\TomTomHOMEService.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] Code:
ATTFilter aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-06 22:47:33
-----------------------------
22:47:33.565 OS Version: Windows 6.0.6002 Service Pack 2
22:47:33.565 Number of processors: 2 586 0xF0D
22:47:33.565 ComputerName: FMNOTEBOOK UserName: Fabian
22:47:35.468 Initialize success
22:48:31.620 AVAST engine defs: 12020601
22:51:09.165 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:51:09.165 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
22:51:09.196 Disk 0 MBR read successfully
22:51:09.196 Disk 0 MBR scan
22:51:09.211 Disk 0 Windows VISTA default MBR code
22:51:09.227 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
22:51:09.243 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 194560
22:51:09.274 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139730 MB offset 21166080
22:51:09.289 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
22:51:09.336 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
22:51:09.352 Disk 0 scanning sectors +312578048
22:51:09.430 Disk 0 scanning C:\Windows\system32\drivers
22:51:28.384 Service scanning
22:51:30.037 Modules scanning
22:51:41.394 Disk 0 trace - called modules:
22:51:41.441 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:51:41.457 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8660dac8]
22:51:41.472 3 CLASSPNP.SYS[8899e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85602030]
22:51:42.705 AVAST engine scan C:\Windows
22:51:48.523 AVAST engine scan C:\Windows\system32
22:57:12.968 AVAST engine scan C:\Windows\system32\drivers
22:57:37.741 AVAST engine scan C:\Users\Fabian
23:01:41.635 AVAST engine scan C:\ProgramData
23:06:11.335 Scan finished successfully
23:07:27.693 Disk 0 MBR has been saved successfully to "C:\Users\Babe\Desktop\MBR.dat"
23:07:27.708 The log file has been saved successfully to "C:\Users\Babe\Desktop\aswMBR.txt"
|
|
07.02.2012, 09:48
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.02.2012, 11:17
| #23 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! hier die logs, malware hat nichts gefunden, SASW schon (SASW hatte zuviele zeilen für code tags, daher angehängt): Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.07.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Fabian :: FMNOTEBOOK [Administrator] 07.02.2012 13:27:57 mbam-log-2012-02-07 (13-27-57).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 446310 Laufzeit: 9 Stunde(n), 25 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
08.02.2012, 12:10
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! Sieht ok aus, da wurden nur Cookies gefunden und ein Überrest, kann alles weg. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.02.2012, 09:57
| #25 |
| | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! ich hab alles von SUPERAntiSpyware entfernt und dann wie angegeben nochmal im abgesicherten modus einen scan gemacht, keine funde, log angehängt. es läuft alles soweit wieder, wobei ich deine meinung zu den folgenden beiden problemen sehr schätzen würde: was ich tun kann bzw. ein guter ansprechpartner bei trojaner-board würde mir helfen. 1) Wenn ich neue Seiten aufrufe von google (damit meine ich keine seite wie facebook.com die man ständig aufruft) werde ich immer redirected zu komischen anderen seiten, muss dann immer zurück klicken und ca. beim vierten mal auf den google link klicken läd sich dann endlich die richtige seite.. 2) mein laptop ist allgemein sehr langsam und ich denke es liegt daran dass ich da jede menge zeug (verwaiste dateien, prozesse/dienste) drauf hab was überflüssig ist und nur speicher verbraucht und dadurch der laptop langsamer wird. kann man das iwie überprüfen, gibts für sowas eine schwarze liste oder ... ? danke für deine hilfe! Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/09/2012 at 08:24 AM
Application Version : 5.0.1144
Core Rules Database Version : 8219
Trace Rules Database Version: 6031
Scan type : Complete Scan
Total Scan Time : 03:03:44
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Limited User
Memory items scanned : 283
Memory threats detected : 0
Registry items scanned : 34436
Registry threats detected : 0
File items scanned : 247234
File threats detected : 0
|
|
09.02.2012, 15:44
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Achtung! Ihr Windowssystem wird aus Sicherheitsgründen gesperrt! |
| achtung, achtung!, aus sicherheitsgründen, bereits, durchgeführt, ergebnisse, gesperrt, hallo zusammen, helft, infiziert, laptop, scan, sicherheitsgründe, sicherheitsgründen, virus/trojaner, windowssystem, wurde ihr, zusammen |
Linear-Darstellung
