Pests of all kinds and how to fight them: Malware or false alarm? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
16.03.2012, 17:15 | #16 |
Malware or false alarm?
Code:
17:13:09.0480 1032 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:13:09.0620 1032 ============================================================
17:13:09.0620 1032 Current date / time: 2012/03/16 17:13:09.0620
17:13:09.0620 1032 SystemInfo:
17:13:09.0620 1032
17:13:09.0620 1032 OS Version: 6.1.7601 ServicePack: 1.0
17:13:09.0620 1032 Product type: Workstation
17:13:09.0620 1032 ComputerName: JOHANNES-PC
17:13:09.0620 1032 UserName: Johannes
17:13:09.0620 1032 Windows directory: C:\Windows
17:13:09.0620 1032 System windows directory: C:\Windows
17:13:09.0620 1032 Running under WOW64
17:13:09.0620 1032 Processor architecture: Intel x64
17:13:09.0620 1032 Number of processors: 4
17:13:09.0620 1032 Page size: 0x1000
17:13:09.0620 1032 Boot type: Normal boot
17:13:09.0620 1032 ============================================================
17:13:10.0090 1032 Drive \Device\Harddisk0\DR0 - Size: 0xE8DCDB0000 (931.45 Gb), SectorSize: 0x200, Cylinders: 0x1DAF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:10.0110 1032 \Device\Harddisk0\DR0:
17:13:10.0110 1032 MBR used
17:13:10.0110 1032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
17:13:10.0110 1032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x395BD000
17:13:10.0110 1032 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B147817, BlocksNum 0x3959EBA2
17:13:10.0150 1032 Initialize success
17:13:10.0150 1032 ============================================================
17:13:45.0085 1756 ============================================================
17:13:45.0085 1756 Scan started
17:13:45.0085 1756 Mode: Manual; SigCheck; TDLFS;
17:13:45.0085 1756 ============================================================
17:13:59.0377 1756 ============================================================
17:13:59.0377 1756 Scan finished
17:13:59.0377 1756 ============================================================
17:13:59.0387 5040 Detected object count: 0
17:13:59.0387 5040 Actual detected object count: 0
16.03.2012, 17:18 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware or false alarm? There could still be something on there.
__________________Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
16.03.2012, 17:41 | #18 |
| Malware or false alarm? Combofix logfile:
__________________Code:
ATTFilter ComboFix 12-03-16.03 - Johannes 16.03.2012 17:25:40.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8176.6596 [GMT 1:00] ausgeführt von:: c:\users\Johannes\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-16 bis 2012-03-16 )))))))))))))))))))))))))))))) . . 2012-03-16 14:19 . 2012-03-16 14:19 -------- d-----w- C:\_OTL 2012-03-16 14:19 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5897B5C5-5F63-4952-9DA4-B3CD46DF5EB2}\mpengine.dll 2012-03-14 19:33 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 19:33 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 19:33 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 17:24 . 2012-03-14 17:24 -------- d-----w- c:\program files (x86)\ESET 2012-03-14 14:37 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 14:37 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 14:37 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 14:36 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 14:36 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 14:36 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 14:36 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 14:36 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 14:36 . 
2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 14:36 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 20:37 . 2012-03-13 20:37 -------- d-----w- c:\users\Johannes\AppData\Roaming\Malwarebytes 2012-03-13 20:37 . 2012-03-13 20:37 -------- d-----w- c:\programdata\Malwarebytes 2012-03-13 20:37 . 2012-03-13 20:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-13 20:37 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-12 13:24 . 2012-03-12 13:26 -------- d-----w- c:\users\Johannes\AppData\Roaming\Apple Computer 2012-03-12 13:24 . 2012-03-12 13:24 -------- d-----w- c:\users\Johannes\AppData\Local\Apple Computer 2012-03-12 13:23 . 2012-03-12 13:23 -------- dc----w- c:\windows\system32\DRVSTORE 2012-03-12 13:22 . 2012-03-12 13:22 -------- d-----w- c:\programdata\Apple 2012-03-11 16:31 . 2012-03-13 22:23 -------- d-----w- c:\programdata\SecTaskMan 2012-03-11 16:31 . 2012-03-11 16:31 -------- d-----w- c:\program files (x86)\Security Task Manager 2012-03-08 17:10 . 2012-03-08 17:10 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-03-08 17:10 . 2012-03-08 17:10 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-03-08 17:10 . 2012-03-08 17:10 -------- d-----w- c:\program files (x86)\Java 2012-03-07 16:54 . 2012-03-07 16:54 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-02-29 14:21 . 2012-02-29 14:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-02-19 15:55 . 2012-02-19 15:55 -------- d-----w- c:\programdata\Nexon 2012-02-19 14:06 . 2012-02-19 15:54 -------- d-----w- C:\Download 2012-02-19 14:05 . 2012-02-19 15:52 -------- d-----w- C:\Nexon 2012-02-19 14:05 . 2012-02-19 14:05 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe 2012-02-19 14:05 . 2012-02-19 14:05 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat 2012-02-16 14:57 . 
2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-16 14:57 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-16 14:57 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 14:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-16 14:57 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-16 14:57 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 14:57 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-08 17:10 . 2011-08-17 16:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-23 08:18 . 2011-08-17 16:44 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-21 14:50 . 2011-08-17 16:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 16:56 . 2011-10-20 10:55 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-29 17:21 . 2011-09-05 15:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2011-12-29 17:21 . 2011-09-05 15:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2011-12-29 17:21 . 2011-09-05 15:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-12-29 17:21 . 2011-09-05 15:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-17 1242448] "ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040] "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-02-19 438272] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872] "MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-04-15 124136] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 135664] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 135664] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe 
[2012-02-28 2343816] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 15:06] . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 15:06] . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820378941-3440087322-173894445-1000Core.job - c:\users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 19:29] . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820378941-3440087322-173894445-1000UA.job - c:\users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-20 19:29] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = mLocal Page = uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\wll5mwhn.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-03-16 17:36:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-16 16:36 . Vor Suchlauf: 12 Verzeichnis(se), 341.504.086.016 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 341.126.897.664 Bytes frei . - - End Of File - - 72DBC12D0FAD0A55196E213ACF54C241 |
16.03.2012, 18:29 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware or false alarm? Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
__________________ Please always post logfiles in CODE tags |
16.03.2012, 18:40 | #20 |
| Malware or false alarm? Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-16 18:30:22
-----------------------------
18:30:22.617 OS Version: Windows x64 6.1.7601 Service Pack 1
18:30:22.617 Number of processors: 4 586 0x502
18:30:22.617 ComputerName: JOHANNES-PC UserName: Johannes
18:30:24.910 Initialize success
18:33:23.959 AVAST engine defs: 12031600
18:33:30.448 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
18:33:30.464 Disk 0 Vendor: WDC_____ 80.0 Size: 953805MB BusType: 8
18:33:30.480 Disk 0 MBR read successfully
18:33:30.480 Disk 0 MBR scan
18:33:30.480 Disk 0 Windows 7 default MBR code
18:33:30.495 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
18:33:30.511 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
18:33:30.542 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 469882 MB offset 28878848
18:33:30.558 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 469821 MB offset 991197207
18:33:30.604 Disk 0 scanning C:\Windows\system32\drivers
18:33:38.935 Service scanning
18:33:55.486 Modules scanning
18:33:55.502 Disk 0 trace - called modules:
18:33:55.533 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
18:33:55.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082a4060]
18:33:55.533 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80078e09c0]
18:33:57.920 AVAST engine scan C:\Windows
18:34:01.945 AVAST engine scan C:\Windows\system32
18:36:23.952 AVAST engine scan C:\Windows\system32\drivers
18:36:35.059 AVAST engine scan C:\Users\Johannes
18:38:24.822 AVAST engine scan C:\ProgramData
18:38:58.128 Scan finished successfully
18:39:08.206 Disk 0 MBR has been saved successfully to "C:\Users\Johannes\Desktop\MBR.dat"
18:39:08.206 The log file has been saved successfully to "C:\Users\Johannes\Desktop\aswMBR.txt" |
16.03.2012, 19:13 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware or false alarm? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ --> Malware or false alarm? |
16.03.2012, 20:54 | #22 |
| Malware or false alarm? Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 03/16/2012 at 08:49 PM Application Version : 5.0.1146 Core Rules Database Version : 8344 Trace Rules Database Version: 6156 Scan type : Complete Scan Total Scan Time : 01:24:08 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Administrator Memory items scanned : 612 Memory threats detected : 0 Registry items scanned : 64772 Registry threats detected : 0 File items scanned : 182225 File threats detected : 130 Adware.Tracking Cookie C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\XZXL4XR0.txt [ /ad1.adfarm1.adition.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\SG8TBBZK.txt [ /ad3.adfarm1.adition.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\E3I79395.txt [ /tracking.quisma.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\0UYUSV5Z.txt [ /c.atdmt.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\BNDF7LS0.txt [ /mediaplex.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\J268CY6S.txt [ /zanox.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\E87C9SHA.txt [ /adfarm1.adition.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\OBABH9QU.txt [ /dyntracker.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\BULX33DP.txt [ /ad.zanox.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\NDTV82UQ.txt [ /atdmt.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\51NDIYXX.txt [ /serving-sys.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\CLRVUG10.txt [ /doubleclick.net ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\LW4WBJN4.txt [ /smartadserver.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\E0BANIA3.txt [ /invitemedia.com ] C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\PC0G15PD.txt [ /apmebf.com ] 
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Cookies\IRLIES9Z.txt [ /imrworldwide.com ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\1TLXA4JK.txt [ Cookie:internet@dyntracker.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\3U6WUATK.txt [ Cookie:internet@www.googleadservices.com/pagead/conversion/1071875996/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\1IC50NL1.txt [ Cookie:internet@dealtime.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\4PPEY33T.txt [ Cookie:internet@www.etracker.de/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y7921EDT.txt [ Cookie:internet@ad2.adfarm1.adition.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\CLC3N4UA.txt [ Cookie:internet@a.revenuemax.de/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\76L041VF.txt [ Cookie:internet@smartadserver.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\98K9NZZ5.txt [ Cookie:internet@tracking.quisma.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\JWQ86HRG.txt [ Cookie:internet@clicks.pangora.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJ6FH5OF.txt [ Cookie:internet@ad1.adfarm1.adition.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\2Z30AM66.txt [ Cookie:internet@mediaplex.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZE62I4LS.txt [ Cookie:internet@partners.webmasterplan.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\NZ6QSEKB.txt [ Cookie:internet@www.googleadservices.com/pagead/conversion/956579696/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\736P6ON6.txt [ Cookie:internet@tracking.booming.de/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\DYM6KV1S.txt [ Cookie:internet@www.googleadservices.com/pagead/conversion/1066862399/ ] 
C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\J6IAFL8S.txt [ Cookie:internet@ad.adnet.de/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\UBFXP9WL.txt [ Cookie:internet@stat.dealtime.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\IJGBMVES.txt [ Cookie:internet@collective-media.net/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\RHKVVEFN.txt [ Cookie:internet@tradedoubler.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJ2MJCVP.txt [ Cookie:internet@www.googleadservices.com/pagead/conversion/1051510754/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\KFEL6J2B.txt [ Cookie:internet@ad.yieldmanager.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\U9VDXT7L.txt [ Cookie:internet@lfstmedia.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y4H0C7UU.txt [ Cookie:internet@ww251.smartadserver.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\LR5CMDHW.txt [ Cookie:internet@amazon-adsystem.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\UFG3MBOW.txt [ Cookie:internet@apmebf.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\53CW3QU9.txt [ Cookie:internet@invitemedia.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\M4OS2U95.txt [ Cookie:internet@atdmt.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\9J6W4NR2.txt [ Cookie:internet@ad3.adfarm1.adition.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\DBDBCDH9.txt [ Cookie:internet@www.googleadservices.com/pagead/conversion/972218701/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\8SIJJUB5.txt [ Cookie:internet@webmasterplan.com/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCZJBU4N.txt [ Cookie:internet@im.banner.t-online.de/ ] C:\USERS\INTERNET\AppData\Roaming\Microsoft\Windows\Cookies\Low\8FHT1U61.txt 
Malwarebytes to follow! |
16.03.2012, 21:42 | #23 |
| Malware or false alarm? Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.16.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Johannes :: JOHANNES-PC [Administrator]
Schutz: Aktiviert
16.03.2012 20:56:41
mbam-log-2012-03-16 (20-56-41).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 374275
Laufzeit: 43 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
17.03.2012, 14:25 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware or false alarm? Looks OK, only cookies were found. Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie). Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
17.03.2012, 14:27 | #25 |
| Malware or false alarm? No. Everything is fine! Thanks for the help.. You are my heroes! |
17.03.2012, 15:29 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware or false alarm? Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update it first. Finally, please check your updates; my guide is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change as many of your passwords as possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed. Windows Vista/7: Guide to Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have AdobeReader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you're at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
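The update check described in the post above can also be done from a PowerShell prompt. The following is an added example, not part of the original post: it lists the installed Adobe Reader, Flash Player and Java entries with their versions from the standard Windows uninstall registry keys. The name patterns are assumptions and may need adjusting to the names shown under Programs and Features.

```powershell
# Added example: inventory the programs the guide asks you to keep current.
# The registry paths are the standard Windows uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit programs on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

# Display-name patterns per product family (assumed; adjust as needed).
$families = @{
    'Adobe Reader' = '*Adobe Reader*'
    'Flash Player' = '*Flash Player*'
    'Java'         = 'Java*'
}

# Collect every uninstall entry whose display name matches one of the families.
$found = @(
    foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
        if (-not $entry.DisplayName) { continue }   # skip entries without a display name
        foreach ($family in $families.Keys) {
            if ($entry.DisplayName -like $families[$family]) {
                $entry | Select-Object @{n='Family'; e={$family}},
                                       DisplayName, DisplayVersion, UninstallString
            }
        }
    }
)

# Overview: one row per installed entry, with its version.
$found | Sort-Object Family, DisplayName |
    Format-Table Family, DisplayName, DisplayVersion -AutoSize

# More than one entry in a family can be legitimate (32-bit plus 64-bit Java,
# Flash ActiveX plus plugin), but it is also how a leftover old version shows up.
$found | Group-Object Family | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning ("{0}: {1} entries installed, check that each one is current" -f $_.Name, $_.Count)
}
```

Compare the reported versions with the vendor's current release; the script only reads the registry and uninstalls nothing.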