
Log analysis and evaluation: Gema Trojan & Windows Security Center Trojan

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.03.2012, 12:28   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
11:39:12.0250 1596 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please have TDSS-Killer delete the TDSS File System, then restart Windows and create a new log with this tool. Post it again enclosed in CODE tags.
__________________
Please always post log files in CODE tags

27.03.2012, 20:17   #17
mobo6new
 



Code:
 20:52:42.0546 1520	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:52:43.0968 1520	============================================================
20:52:43.0968 1520	Current date / time: 2012/03/27 20:52:43.0968
20:52:43.0968 1520	SystemInfo:
20:52:43.0968 1520	
20:52:43.0968 1520	OS Version: 5.1.2600 ServicePack: 3.0
20:52:43.0968 1520	Product type: Workstation
20:52:43.0968 1520	ComputerName: PUPPSIE
20:52:43.0968 1520	UserName: Mone
20:52:43.0968 1520	Windows directory: C:\WINDOWS
20:52:43.0968 1520	System windows directory: C:\WINDOWS
20:52:43.0968 1520	Processor architecture: Intel x86
20:52:43.0968 1520	Number of processors: 2
20:52:43.0968 1520	Page size: 0x1000
20:52:43.0968 1520	Boot type: Normal boot
20:52:43.0968 1520	============================================================
20:53:05.0562 1520	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:53:05.0734 1520	Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:05.0750 1520	Drive \Device\Harddisk2\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:53:05.0765 1520	\Device\Harddisk0\DR0:
20:53:05.0781 1520	MBR used
20:53:05.0781 1520	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:53:05.0781 1520	\Device\Harddisk1\DR2:
20:53:05.0781 1520	MBR used
20:53:05.0781 1520	\Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
20:53:05.0781 1520	\Device\Harddisk2\DR3:
20:53:05.0796 1520	MBR used
20:53:05.0796 1520	\Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
20:53:08.0343 1520	Initialize success
20:53:08.0343 1520	============================================================
20:53:19.0125 0552	============================================================
20:53:19.0125 0552	Scan started
20:53:19.0125 0552	Mode: Manual; SigCheck; TDLFS; 
20:53:19.0125 0552	============================================================
20:53:21.0421 0552	Abiosdsk - ok
20:53:21.0828 0552	abp480n5 - ok
20:53:22.0546 0552	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:53:34.0734 0552	ACPI - ok
20:53:36.0515 0552	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:53:36.0703 0552	ACPIEC - ok
20:53:37.0281 0552	adpu160m - ok
20:53:38.0531 0552	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:53:38.0796 0552	aec - ok
20:53:41.0406 0552	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:53:42.0234 0552	AFD - ok
20:53:45.0953 0552	Aha154x - ok
20:53:47.0984 0552	aic78u2 - ok
20:53:49.0500 0552	aic78xx - ok
20:53:50.0703 0552	Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
20:53:50.0921 0552	Alerter - ok
20:53:55.0671 0552	ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
20:53:55.0875 0552	ALG - ok
20:53:57.0203 0552	AliIde - ok
20:54:04.0578 0552	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
20:54:09.0171 0552	Ambfilt - ok
20:54:10.0015 0552	amsint - ok
20:54:10.0515 0552	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Programme\Avira\AntiVir Desktop\sched.exe
20:54:10.0546 0552	AntiVirSchedulerService - ok
20:54:10.0828 0552	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:54:10.0859 0552	AntiVirService - ok
20:54:11.0140 0552	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:54:11.0156 0552	Apple Mobile Device - ok
20:54:11.0875 0552	AppMgmt         (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
20:54:12.0531 0552	AppMgmt - ok
20:54:13.0062 0552	asc - ok
20:54:14.0093 0552	asc3350p - ok
20:54:14.0921 0552	asc3550 - ok
20:54:15.0484 0552	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:54:16.0453 0552	aspnet_state - ok
20:54:17.0437 0552	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:54:17.0578 0552	AsyncMac - ok
20:54:18.0156 0552	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:54:18.0296 0552	atapi - ok
20:54:18.0937 0552	Atdisk - ok
20:54:19.0406 0552	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:54:19.0593 0552	Atmarpc - ok
20:54:20.0109 0552	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
20:54:20.0359 0552	AudioSrv - ok
20:54:21.0171 0552	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:54:21.0359 0552	audstub - ok
20:54:21.0921 0552	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:54:21.0937 0552	avgntflt - ok
20:54:22.0390 0552	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:54:22.0421 0552	avipbb - ok
20:54:22.0937 0552	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:54:22.0953 0552	avkmgr - ok
20:54:23.0484 0552	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:54:23.0703 0552	Beep - ok
20:54:24.0953 0552	BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
20:54:26.0203 0552	BITS - ok
20:54:26.0687 0552	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
20:54:26.0937 0552	Bonjour Service - ok
20:54:27.0718 0552	Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
20:54:28.0046 0552	Browser - ok
20:54:28.0718 0552	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:54:29.0375 0552	cbidf2k - ok
20:54:29.0812 0552	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:54:29.0953 0552	CCDECODE - ok
20:54:30.0312 0552	cd20xrnt - ok
20:54:30.0734 0552	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:54:30.0875 0552	Cdaudio - ok
20:54:31.0421 0552	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:54:31.0640 0552	Cdfs - ok
20:54:32.0203 0552	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:54:32.0359 0552	Cdrom - ok
20:54:32.0734 0552	Changer - ok
20:54:33.0109 0552	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
20:54:33.0250 0552	CiSvc - ok
20:54:33.0625 0552	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
20:54:33.0765 0552	ClipSrv - ok
20:54:34.0156 0552	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:54:34.0578 0552	clr_optimization_v2.0.50727_32 - ok
20:54:35.0125 0552	CmdIde - ok
20:54:35.0453 0552	COMSysApp - ok
20:54:35.0859 0552	Cpqarray - ok
20:54:36.0468 0552	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
20:54:36.0593 0552	CryptSvc - ok
20:54:37.0000 0552	dac2w2k - ok
20:54:37.0593 0552	dac960nt - ok
20:54:38.0281 0552	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:54:38.0562 0552	DcomLaunch - ok
20:54:39.0156 0552	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
20:54:39.0328 0552	Dhcp - ok
20:54:39.0968 0552	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:54:40.0109 0552	Disk - ok
20:54:40.0578 0552	dmadmin - ok
20:54:44.0437 0552	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:54:45.0593 0552	dmboot - ok
20:54:46.0218 0552	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:54:46.0390 0552	dmio - ok
20:54:46.0796 0552	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:54:46.0906 0552	dmload - ok
20:54:47.0578 0552	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
20:54:47.0718 0552	dmserver - ok
20:54:48.0218 0552	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:54:48.0421 0552	DMusic - ok
20:54:48.0859 0552	Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
20:54:48.0984 0552	Dnscache - ok
20:54:49.0484 0552	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
20:54:49.0750 0552	Dot3svc - ok
20:54:50.0156 0552	dpti2o - ok
20:54:50.0687 0552	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:54:50.0875 0552	drmkaud - ok
20:54:51.0296 0552	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
20:54:51.0500 0552	EapHost - ok
20:54:51.0859 0552	ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
20:54:52.0000 0552	ERSvc - ok
20:54:52.0812 0552	Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:54:52.0859 0552	Eventlog - ok
20:54:53.0328 0552	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
20:54:53.0421 0552	EventSystem - ok
20:54:53.0984 0552	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:54:54.0312 0552	Fastfat - ok
20:54:54.0953 0552	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:54:55.0078 0552	FastUserSwitchingCompatibility - ok
20:54:55.0515 0552	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:54:55.0687 0552	Fdc - ok
20:54:57.0265 0552	FilterService   (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
20:54:57.0265 0552	FilterService - ok
20:54:58.0593 0552	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:54:59.0359 0552	Fips - ok
20:54:59.0984 0552	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:55:00.0140 0552	Flpydisk - ok
20:55:00.0578 0552	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:55:00.0734 0552	FltMgr - ok
20:55:01.0000 0552	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:55:01.0109 0552	FontCache3.0.0.0 - ok
20:55:01.0531 0552	fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:55:01.0531 0552	fssfltr - ok
20:55:02.0062 0552	fsssvc          (45b52394f9624237f33a8a3d73c0b221) C:\Programme\Windows Live\Family Safety\fsssvc.exe
20:55:03.0375 0552	fsssvc - ok
20:55:04.0250 0552	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:55:04.0421 0552	Fs_Rec - ok
20:55:05.0671 0552	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:55:05.0906 0552	Ftdisk - ok
20:55:06.0765 0552	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:55:06.0781 0552	GEARAspiWDM - ok
20:55:07.0187 0552	ggflt           (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
20:55:07.0203 0552	ggflt - ok
20:55:07.0718 0552	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
20:55:07.0750 0552	ggsemc - ok
20:55:08.0187 0552	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:55:08.0375 0552	Gpc - ok
20:55:08.0515 0552	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
20:55:08.0515 0552	gupdate - ok
20:55:08.0593 0552	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe
20:55:08.0609 0552	gupdatem - ok
20:55:08.0734 0552	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
20:55:08.0812 0552	gusvc - ok
20:55:09.0578 0552	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:55:10.0406 0552	HDAudBus - ok
20:55:10.0625 0552	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:55:10.0734 0552	helpsvc - ok
20:55:11.0125 0552	HidServ         (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
20:55:11.0250 0552	HidServ - ok
20:55:11.0671 0552	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:55:11.0796 0552	hidusb - ok
20:55:12.0203 0552	hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
20:55:12.0359 0552	hkmsvc - ok
20:55:12.0765 0552	hpn - ok
20:55:12.0984 0552	hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
20:55:13.0015 0552	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:55:13.0015 0552	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:55:13.0187 0552	hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
20:55:13.0203 0552	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:55:13.0203 0552	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:55:13.0609 0552	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:55:13.0843 0552	HPZid412 - ok
20:55:14.0218 0552	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:55:14.0265 0552	HPZipr12 - ok
20:55:14.0718 0552	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:55:14.0781 0552	HPZius12 - ok
20:55:15.0609 0552	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:55:15.0687 0552	HTTP - ok
20:55:16.0531 0552	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
20:55:17.0046 0552	HTTPFilter - ok
20:55:18.0187 0552	i2omgmt - ok
20:55:18.0640 0552	i2omp - ok
20:55:19.0578 0552	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:55:19.0984 0552	i8042prt - ok
20:55:24.0703 0552	ialm            (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:55:34.0546 0552	ialm - ok
20:55:37.0484 0552	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:55:40.0265 0552	idsvc - ok
20:55:41.0250 0552	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:55:41.0484 0552	Imapi - ok
20:55:42.0406 0552	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
20:55:42.0531 0552	ImapiService - ok
20:55:42.0968 0552	ini910u - ok
20:55:48.0500 0552	IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:55:51.0359 0552	IntcAzAudAddService - ok
20:55:52.0062 0552	IntelIde - ok
20:55:53.0031 0552	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:55:53.0156 0552	intelppm - ok
20:55:54.0078 0552	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:55:54.0234 0552	Ip6Fw - ok
20:55:54.0656 0552	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:55:54.0765 0552	IpFilterDriver - ok
20:55:55.0187 0552	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:55:55.0343 0552	IpInIp - ok
20:55:55.0828 0552	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:55:55.0968 0552	IpNat - ok
20:55:56.0468 0552	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe
20:55:56.0703 0552	iPod Service - ok
20:55:57.0140 0552	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:55:57.0375 0552	IPSec - ok
20:55:57.0796 0552	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:55:57.0921 0552	IRENUM - ok
20:55:58.0453 0552	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:55:58.0625 0552	isapnp - ok
20:55:58.0796 0552	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
20:55:58.0812 0552	JavaQuickStarterService - ok
20:55:59.0437 0552	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:55:59.0687 0552	Kbdclass - ok
20:56:00.0093 0552	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:56:00.0265 0552	kbdhid - ok
20:56:01.0031 0552	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:56:01.0187 0552	kmixer - ok
20:56:01.0640 0552	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:56:01.0781 0552	KSecDD - ok
20:56:02.0187 0552	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
20:56:02.0250 0552	lanmanserver - ok
20:56:02.0671 0552	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
20:56:02.0750 0552	lanmanworkstation - ok
20:56:03.0125 0552	lbrtfdc - ok
20:56:03.0500 0552	LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
20:56:03.0640 0552	LmHosts - ok
20:56:04.0093 0552	lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
20:56:04.0187 0552	lvpopflt - ok
20:56:04.0593 0552	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
20:56:04.0609 0552	LVPr2Mon - ok
20:56:04.0843 0552	LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
20:56:04.0859 0552	LVPrcSrv - ok
20:56:05.0546 0552	LVRS            (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
20:56:05.0578 0552	LVRS - ok
20:56:11.0234 0552	LVUVC           (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
20:56:18.0968 0552	LVUVC - ok
20:56:20.0265 0552	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:56:20.0453 0552	MBAMProtector - ok
20:56:21.0625 0552	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
20:56:22.0078 0552	MBAMService - ok
20:56:22.0671 0552	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
20:56:22.0703 0552	MDM - ok
20:56:23.0125 0552	Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
20:56:23.0375 0552	Messenger - ok
20:56:23.0968 0552	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:56:24.0093 0552	mnmdd - ok
20:56:24.0625 0552	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
20:56:24.0781 0552	mnmsrvc - ok
20:56:25.0250 0552	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:56:25.0484 0552	Modem - ok
20:56:26.0515 0552	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
20:56:27.0843 0552	Monfilt - ok
20:56:28.0406 0552	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:56:28.0562 0552	Mouclass - ok
20:56:28.0968 0552	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:56:29.0109 0552	mouhid - ok
20:56:29.0625 0552	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:56:29.0812 0552	MountMgr - ok
20:56:30.0156 0552	MpKsl1f947b4b - ok
20:56:30.0640 0552	mraid35x - ok
20:56:31.0093 0552	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:56:31.0359 0552	MRxDAV - ok
20:56:31.0953 0552	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:56:32.0421 0552	MRxSmb - ok
20:56:32.0796 0552	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
20:56:32.0937 0552	MSDTC - ok
20:56:33.0390 0552	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:56:33.0546 0552	Msfs - ok
20:56:33.0859 0552	MSIServer - ok
20:56:34.0265 0552	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:56:34.0437 0552	MSKSSRV - ok
20:56:34.0843 0552	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:56:34.0984 0552	MSPCLOCK - ok
20:56:35.0500 0552	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:56:35.0671 0552	MSPQM - ok
20:56:36.0093 0552	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:56:36.0234 0552	mssmbios - ok
20:56:36.0687 0552	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:56:36.0859 0552	MSTEE - ok
20:56:37.0359 0552	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:56:37.0468 0552	Mup - ok
20:56:37.0906 0552	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:56:38.0093 0552	NABTSFEC - ok
20:56:38.0609 0552	napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
20:56:38.0921 0552	napagent - ok
20:56:39.0437 0552	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:56:39.0671 0552	NDIS - ok
20:56:40.0078 0552	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:56:40.0265 0552	NdisIP - ok
20:56:40.0703 0552	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:56:40.0781 0552	NdisTapi - ok
20:56:41.0203 0552	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:56:41.0406 0552	Ndisuio - ok
20:56:41.0843 0552	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:56:42.0031 0552	NdisWan - ok
20:56:42.0453 0552	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:56:42.0546 0552	NDProxy - ok
20:56:42.0937 0552	Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
20:56:42.0953 0552	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:56:42.0953 0552	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:56:43.0359 0552	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:56:43.0531 0552	NetBIOS - ok
20:56:44.0000 0552	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:56:44.0250 0552	NetBT - ok
20:56:44.0671 0552	NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:56:44.0890 0552	NetDDE - ok
20:56:44.0953 0552	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
20:56:45.0078 0552	NetDDEdsdm - ok
20:56:45.0453 0552	Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:56:45.0593 0552	Netlogon - ok
20:56:46.0031 0552	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
20:56:46.0187 0552	Netman - ok
20:56:46.0468 0552	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:56:46.0578 0552	NetTcpPortSharing - ok
20:56:47.0031 0552	Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
20:56:47.0078 0552	Nla - ok
20:56:47.0515 0552	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:56:47.0687 0552	Npfs - ok
20:56:48.0328 0552	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:56:48.0906 0552	Ntfs - ok
20:56:49.0281 0552	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:56:49.0421 0552	NtLmSsp - ok
20:56:49.0937 0552	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
20:56:50.0453 0552	NtmsSvc - ok
20:56:50.0859 0552	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:56:50.0984 0552	Null - ok
20:56:51.0484 0552	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:56:51.0656 0552	NwlnkFlt - ok
20:56:52.0062 0552	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:56:52.0265 0552	NwlnkFwd - ok
20:56:52.0703 0552	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
20:56:52.0906 0552	Parport - ok
20:56:53.0390 0552	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:56:53.0609 0552	PartMgr - ok
20:56:54.0015 0552	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:56:54.0171 0552	ParVdm - ok
20:56:54.0609 0552	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:56:54.0796 0552	PCI - ok
20:56:55.0187 0552	PCIDump - ok
20:56:55.0609 0552	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:56:55.0765 0552	PCIIde - ok
20:56:56.0250 0552	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:56:56.0468 0552	Pcmcia - ok
20:56:56.0859 0552	PDCOMP - ok
20:56:57.0234 0552	PDFRAME - ok
20:56:57.0656 0552	PDRELI - ok
20:56:58.0015 0552	PDRFRAME - ok
20:56:58.0421 0552	perc2 - ok
20:56:58.0796 0552	perc2hib - ok
20:56:59.0203 0552	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
20:56:59.0234 0552	PlugPlay - ok
20:56:59.0625 0552	Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
20:56:59.0640 0552	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:56:59.0640 0552	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:57:00.0015 0552	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:57:00.0125 0552	PolicyAgent - ok
20:57:00.0593 0552	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:57:00.0796 0552	PptpMiniport - ok
20:57:01.0156 0552	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:57:01.0281 0552	ProtectedStorage - ok
20:57:01.0750 0552	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:57:01.0968 0552	PSched - ok
20:57:02.0390 0552	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:57:02.0531 0552	Ptilink - ok
20:57:02.0937 0552	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:57:02.0984 0552	PxHelp20 - ok
20:57:03.0359 0552	ql1080 - ok
20:57:03.0750 0552	Ql10wnt - ok
20:57:04.0125 0552	ql12160 - ok
20:57:04.0515 0552	ql1240 - ok
20:57:04.0875 0552	ql1280 - ok
20:57:05.0281 0552	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:57:05.0453 0552	RasAcd - ok
20:57:05.0843 0552	RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
20:57:06.0062 0552	RasAuto - ok
20:57:06.0578 0552	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:57:06.0765 0552	Rasl2tp - ok
20:57:07.0187 0552	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
20:57:07.0390 0552	RasMan - ok
20:57:07.0828 0552	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:57:08.0000 0552	RasPppoe - ok
20:57:08.0406 0552	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:57:08.0578 0552	Raspti - ok
20:57:09.0062 0552	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:57:09.0343 0552	Rdbss - ok
20:57:09.0750 0552	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:57:09.0890 0552	RDPCDD - ok
20:57:10.0421 0552	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:57:10.0687 0552	rdpdr - ok
20:57:11.0156 0552	RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:57:11.0296 0552	RDPWD - ok
20:57:11.0718 0552	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
20:57:11.0953 0552	RDSessMgr - ok
20:57:12.0375 0552	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:57:12.0562 0552	redbook - ok
20:57:12.0953 0552	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
20:57:13.0140 0552	RemoteAccess - ok
20:57:13.0609 0552	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
20:57:13.0750 0552	RemoteRegistry - ok
20:57:14.0156 0552	RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
20:57:14.0343 0552	RpcLocator - ok
20:57:14.0890 0552	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
20:57:15.0062 0552	RpcSs - ok
20:57:15.0500 0552	RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
20:57:15.0750 0552	RSVP - ok
20:57:16.0218 0552	RTLE8023xp      (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:57:16.0453 0552	RTLE8023xp - ok
20:57:16.0953 0552	s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\WINDOWS\system32\DRIVERS\s1018bus.sys
20:57:17.0093 0552	s1018bus - ok
20:57:17.0500 0552	s1018mdfl       (38f5ea219593f19b6b3a1b9c169e3b61) C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
20:57:17.0515 0552	s1018mdfl - ok
20:57:17.0984 0552	s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
20:57:18.0046 0552	s1018mdm - ok
20:57:18.0500 0552	s1018mgmt       (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
20:57:18.0703 0552	s1018mgmt - ok
20:57:19.0109 0552	s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
20:57:19.0140 0552	s1018nd5 - ok
20:57:19.0593 0552	s1018obex       (49431efda842b474531c29ffae9f5d09) C:\WINDOWS\system32\DRIVERS\s1018obex.sys
20:57:19.0671 0552	s1018obex - ok
20:57:20.0125 0552	s1018unic       (ac6b514cb4474f4c867d7cdc9cd54f05) C:\WINDOWS\system32\DRIVERS\s1018unic.sys
20:57:20.0203 0552	s1018unic - ok
20:57:20.0671 0552	s115bus         (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
20:57:20.0734 0552	s115bus - ok
20:57:21.0156 0552	s115mdfl        (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
20:57:21.0187 0552	s115mdfl - ok
20:57:21.0640 0552	s115mdm         (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
20:57:21.0703 0552	s115mdm - ok
20:57:22.0218 0552	s115mgmt        (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
20:57:22.0375 0552	s115mgmt - ok
20:57:23.0875 0552	s115obex        (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
20:57:24.0062 0552	s115obex - ok
20:57:26.0000 0552	s125bus         (06847aa6f3a9bf7c44134d00a2e578c0) C:\WINDOWS\system32\DRIVERS\s125bus.sys
20:57:26.0078 0552	s125bus - ok
20:57:27.0656 0552	s125mdfl        (f83f88e1b125308fb5015ea0349502b0) C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
20:57:28.0093 0552	s125mdfl - ok
20:57:29.0875 0552	s125mdm         (402a97756c14940ad6ae5169c2fb105e) C:\WINDOWS\system32\DRIVERS\s125mdm.sys
20:57:30.0031 0552	s125mdm - ok
20:57:31.0828 0552	s125mgmt        (82b14c51de76825ec769a6374e4c57d6) C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
20:57:31.0890 0552	s125mgmt - ok
20:57:33.0000 0552	s125obex        (bedfc5707c356fd073bf1a4afe442d91) C:\WINDOWS\system32\DRIVERS\s125obex.sys
20:57:33.0062 0552	s125obex - ok
20:57:33.0796 0552	SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
20:57:33.0921 0552	SamSs - ok
20:57:34.0687 0552	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
20:57:34.0921 0552	SCardSvr - ok
20:57:35.0562 0552	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
20:57:35.0781 0552	Schedule - ok
20:57:36.0218 0552	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:57:36.0390 0552	Secdrv - ok
20:57:36.0750 0552	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
20:57:36.0921 0552	seclogon - ok
20:57:37.0500 0552	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
20:57:37.0671 0552	SENS - ok
20:57:38.0093 0552	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:57:38.0281 0552	serenum - ok
20:57:38.0718 0552	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
20:57:38.0921 0552	Serial - ok
20:57:39.0359 0552	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:57:39.0515 0552	Sfloppy - ok
20:57:40.0046 0552	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
20:57:40.0390 0552	SharedAccess - ok
20:57:40.0812 0552	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:57:40.0859 0552	ShellHWDetection - ok
20:57:41.0234 0552	Simbad - ok
20:57:41.0687 0552	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:57:41.0859 0552	SLIP - ok
20:57:42.0343 0552	Sparrow - ok
20:57:42.0750 0552	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:57:42.0921 0552	splitter - ok
20:57:43.0296 0552	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:57:43.0359 0552	Spooler - ok
20:57:44.0046 0552	sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:57:44.0046 0552	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:57:44.0046 0552	sptd ( LockedFile.Multi.Generic ) - warning
20:57:44.0046 0552	sptd - detected LockedFile.Multi.Generic (1)
20:57:44.0593 0552	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:57:44.0796 0552	sr - ok
20:57:45.0328 0552	srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
20:57:45.0453 0552	srservice - ok
20:57:46.0015 0552	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:57:46.0421 0552	Srv - ok
20:57:46.0812 0552	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
20:57:46.0953 0552	SSDPSRV - ok
20:57:47.0500 0552	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:57:47.0515 0552	ssmdrv - ok
20:57:48.0046 0552	stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
20:57:48.0468 0552	stisvc - ok
20:57:48.0906 0552	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:57:49.0093 0552	streamip - ok
20:57:49.0562 0552	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:57:49.0734 0552	swenum - ok
20:57:50.0156 0552	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:57:50.0421 0552	swmidi - ok
20:57:50.0781 0552	SwPrv - ok
20:57:51.0500 0552	symc810 - ok
20:57:51.0875 0552	symc8xx - ok
20:57:52.0312 0552	sym_hi - ok
20:57:52.0687 0552	sym_u3 - ok
20:57:53.0125 0552	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:57:53.0343 0552	sysaudio - ok
20:57:53.0750 0552	SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
20:57:53.0953 0552	SysmonLog - ok
20:57:54.0546 0552	TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
20:57:54.0734 0552	TapiSrv - ok
20:57:55.0406 0552	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\TCPIP.SYS
20:57:55.0750 0552	Tcpip - ok
20:57:56.0187 0552	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:57:56.0375 0552	TDPIPE - ok
20:57:56.0796 0552	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:57:56.0984 0552	TDTCP - ok
20:57:57.0484 0552	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:57:57.0687 0552	TermDD - ok
20:57:58.0187 0552	TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
20:57:58.0468 0552	TermService - ok
20:57:58.0875 0552	Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
20:57:58.0906 0552	Themes - ok
20:57:59.0281 0552	TlntSvr         (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
20:57:59.0468 0552	TlntSvr - ok
20:57:59.0859 0552	TosIde - ok
20:58:00.0234 0552	TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
20:58:00.0390 0552	TrkWks - ok
20:58:00.0812 0552	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:58:01.0015 0552	Udfs - ok
20:58:01.0437 0552	ultra - ok
20:58:02.0000 0552	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:58:02.0609 0552	Update - ok
20:58:03.0046 0552	upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
20:58:03.0328 0552	upnphost - ok
20:58:03.0765 0552	UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
20:58:03.0937 0552	UPS - ok
20:58:04.0375 0552	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:58:04.0562 0552	usbaudio - ok
20:58:04.0968 0552	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:58:05.0156 0552	usbccgp - ok
20:58:05.0609 0552	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:58:05.0781 0552	usbehci - ok
20:58:06.0218 0552	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:58:06.0421 0552	usbhub - ok
20:58:06.0843 0552	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:58:07.0031 0552	usbprint - ok
20:58:07.0468 0552	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:58:07.0640 0552	usbscan - ok
20:58:08.0062 0552	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
20:58:08.0234 0552	usbser - ok
20:58:08.0687 0552	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:58:08.0875 0552	USBSTOR - ok
20:58:09.0296 0552	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:58:09.0468 0552	usbuhci - ok
20:58:09.0906 0552	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:58:10.0125 0552	usbvideo - ok
20:58:10.0546 0552	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:58:10.0718 0552	VgaSave - ok
20:58:11.0109 0552	ViaIde - ok
20:58:11.0531 0552	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:58:11.0718 0552	VolSnap - ok
20:58:12.0203 0552	VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
20:58:12.0515 0552	VSS - ok
20:58:12.0984 0552	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
20:58:13.0156 0552	W32Time - ok
20:58:13.0578 0552	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:58:13.0765 0552	Wanarp - ok
20:58:14.0390 0552	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:58:14.0781 0552	Wdf01000 - ok
20:58:15.0187 0552	WDICA - ok
20:58:15.0640 0552	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:58:15.0828 0552	wdmaud - ok
20:58:16.0234 0552	WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
20:58:16.0406 0552	WebClient - ok
20:58:16.0843 0552	winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:58:17.0000 0552	winmgmt - ok
20:58:17.0406 0552	WmdmPmSN        (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
20:58:17.0593 0552	WmdmPmSN - ok
20:58:18.0218 0552	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
20:58:18.0500 0552	Wmi - ok
20:58:18.0921 0552	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:58:19.0125 0552	WmiApSrv - ok
20:58:19.0734 0552	WMPNetworkSvc   (d3dbd6e76f4be9bee67eb631488b5f29) C:\Programme\Windows Media Player\WMPNetwk.exe
20:58:20.0703 0552	WMPNetworkSvc - ok
20:58:21.0187 0552	WpdUsb          (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:58:21.0265 0552	WpdUsb - ok
20:58:21.0656 0552	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
20:58:21.0828 0552	wscsvc - ok
20:58:22.0171 0552	WSearch - ok
20:58:22.0593 0552	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:58:22.0781 0552	WSTCODEC - ok
20:58:23.0140 0552	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
20:58:23.0359 0552	wuauserv - ok
20:58:23.0796 0552	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:58:23.0906 0552	WudfPf - ok
20:58:24.0375 0552	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:58:24.0453 0552	WudfRd - ok
20:58:24.0843 0552	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:58:24.0890 0552	WudfSvc - ok
20:58:25.0453 0552	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
20:58:25.0859 0552	WZCSVC - ok
20:58:26.0265 0552	xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
20:58:26.0500 0552	xmlprov - ok
20:58:26.0890 0552	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:58:27.0421 0552	\Device\Harddisk0\DR0 - ok
20:58:27.0421 0552	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
20:58:27.0593 0552	\Device\Harddisk1\DR2 - ok
20:58:27.0609 0552	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR3
20:58:27.0750 0552	\Device\Harddisk2\DR3 - ok
20:58:27.0859 0552	Boot (0x1200)   (c26e33a19b326a21b3bdfabf27f1031c) \Device\Harddisk0\DR0\Partition0
20:58:27.0859 0552	\Device\Harddisk0\DR0\Partition0 - ok
20:58:27.0859 0552	Boot (0x1200)   (afa5273584d158ddd2c8bc72c1aee70f) \Device\Harddisk1\DR2\Partition0
20:58:27.0859 0552	\Device\Harddisk1\DR2\Partition0 - ok
20:58:27.0875 0552	Boot (0x1200)   (cacc095ab2ebfa29e6482702ec7448d7) \Device\Harddisk2\DR3\Partition0
20:58:27.0875 0552	\Device\Harddisk2\DR3\Partition0 - ok
20:58:27.0875 0552	============================================================
20:58:27.0875 0552	Scan finished
20:58:27.0875 0552	============================================================
20:58:27.0984 2360	Detected object count: 5
20:58:27.0984 2360	Actual detected object count: 5
21:16:30.0265 2360	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:16:30.0265 2360	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:16:30.0265 2360	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:16:30.0265 2360	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:16:30.0265 2360	sptd ( LockedFile.Multi.Generic ) - skipped by user
21:16:30.0265 2360	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
21:16:32.0859 2312	Deinitialize success
         
Regards, Simone
__________________


Alt 27.03.2012, 20:23   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________

Alt 28.03.2012, 08:36   #19
mobo6new
 

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-27.03 - Mone 27.03.2012  23:45:28.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2038.1448 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Mone\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Mone\GoogleEarthPluginSetup.exe
c:\dokumente und einstellungen\Mone\lyricsplugin03.exe
c:\dokumente und einstellungen\Mone\Recent\Thumbs.db
c:\dokumente und einstellungen\Mone\WINDOWS
c:\dokumente und einstellungen\tayler\21f19e6a402e6c260cbe40caf8007e5f_e896fb6554.jpg
c:\dokumente und einstellungen\tayler\24041290986793.jpg
c:\dokumente und einstellungen\tayler\25261292087054.jpg
c:\dokumente und einstellungen\tayler\79071287072585.jpg
c:\dokumente und einstellungen\tayler\88131292087054.jpg
c:\dokumente und einstellungen\tayler\95121289948044.jpg
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 18:22 . 2012-03-27 18:22	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-03-23 10:28 . 2009-05-18 12:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-23 10:28 . 2008-04-17 11:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2012-03-23 10:26 . 2012-03-23 10:26	--------	d-----w-	c:\programme\iPod
2012-03-23 10:25 . 2012-03-23 10:28	--------	d-----w-	c:\programme\iTunes
2012-03-23 10:25 . 2012-03-23 10:28	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-23 10:23 . 2012-03-23 10:23	--------	d-----w-	c:\programme\Apple Software Update
2012-03-23 10:22 . 2012-03-23 10:22	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Apple Computer
2012-03-23 10:14 . 2012-03-23 10:14	--------	d-----w-	c:\programme\Bonjour
2012-03-23 09:56 . 2012-03-23 09:57	74967408	----a-w-	C:\iTunesSetup.exe
2012-03-23 09:47 . 2012-03-23 09:47	--------	d-----w-	c:\programme\Ion Audio
2012-03-21 20:57 . 2012-03-21 20:57	--------	d-----w-	C:\_OTL
2012-03-19 17:35 . 2012-03-19 17:35	--------	d-----w-	c:\dokumente und einstellungen\Mone\Anwendungsdaten\Avira
2012-03-19 17:27 . 2012-01-31 07:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-19 17:27 . 2012-01-31 07:56	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-19 17:27 . 2011-09-16 15:08	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-19 17:26 . 2012-03-19 17:26	--------	d-----w-	c:\programme\Avira
2012-03-19 17:26 . 2012-03-19 17:26	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-03-18 22:07 . 2012-03-18 22:08	87227952	----a-w-	C:\avira_free_antivirus_de1200898.exe
2012-03-18 22:05 . 2012-03-18 22:05	12038144	----a-w-	C:\Ad-Aware_9.6_Install.exe
2012-03-18 09:27 . 2012-03-18 09:27	592824	----a-w-	c:\programme\Mozilla Firefox\gkmedias.dll
2012-03-18 09:27 . 2012-03-18 09:27	44472	----a-w-	c:\programme\Mozilla Firefox\mozglue.dll
2012-03-14 23:04 . 2012-03-14 23:04	--------	d-----w-	c:\dokumente und einstellungen\Mone\Anwendungsdaten\Malwarebytes
2012-03-14 23:04 . 2012-03-14 23:04	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-14 23:04 . 2012-03-14 23:31	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-03-14 23:04 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-08 01:19 . 2012-03-08 01:19	--------	d-----w-	c:\programme\Recuva
2012-02-29 15:42 . 2012-02-29 15:42	--------	d-----w-	c:\programme\PhotoZoom Pro 4
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 17:44 . 2012-03-27 17:44	2048299	----a-w-	C:\tdsskiller.zip
2012-03-14 14:57 . 2011-06-10 12:41	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2006-02-28 12:00	1860224	----a-w-	c:\windows\system32\win32k.sys
2012-01-13 10:01 . 2012-01-13 10:00	66566416	----a-w-	C:\FreeStudio.exe
2012-01-13 09:57 . 2012-01-13 09:57	19850888	----a-w-	C:\FreeVideoToMP3Converter504.exe
2012-01-12 09:00 . 2012-01-12 09:00	883840	----a-w-	C:\Avira-DE-Cleaner.exe
2012-01-11 19:06 . 2012-02-15 10:38	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-04-21 09:58	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-01-05 09:38 . 2012-01-05 09:38	4629040	----a-w-	C:\MyPhoneExplorer_Setup_1.8.2-uni.exe
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 09:27 . 2012-01-15 14:11	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"LWS"="c:\programme\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.10.2010 00:09 691696]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [19.03.2012 19:27 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.03.2012 19:27 86224]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [15.03.2012 01:04 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15.03.2012 01:04 20464]
S1 MpKsl1f947b4b;MpKsl1f947b4b;\??\c:\windows\system32\MpEngineStore\MpKsl1f947b4b.sys --> c:\windows\system32\MpEngineStore\MpKsl1f947b4b.sys [?]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.07.2011 00:21 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.04.2010 12:20 1691480]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [14.07.2010 12:52 13224]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [18.07.2011 00:21 136176]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [14.07.2010 12:17 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [14.07.2010 12:17 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [14.07.2010 12:17 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [14.07.2010 12:17 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [14.07.2010 12:17 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [14.07.2010 12:17 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [14.07.2010 12:17 109864]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [24.12.2011 02:19 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [24.12.2011 02:19 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [24.12.2011 02:19 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [24.12.2011 02:19 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [24.12.2011 02:19 98568]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 31931476
*Deregistered* - 31931476
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-07-17 22:20]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-07-17 22:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\dokumente und einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Mone\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\Mone\Anwendungsdaten\Mozilla\Firefox\Profiles\vhmjp5a6.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.payback.de/pb/id/105532/?s_ixcid=11_300_102#
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Free Audio CD Burner_is1 - c:\programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Audio Converter_is1 - c:\programme\DVDVideoSoft\Free Audio Converter\unins000.exe
AddRemove-Free YouTube Download_is1 - c:\programme\DVDVideoSoft\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-27 23:58
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-527237240-1580818891-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Zeit der Fertigstellung: 2012-03-28  00:02:28
ComboFix-quarantined-files.txt  2012-03-27 22:02
.
Vor Suchlauf: 14 Verzeichnis(se), 43.780.169.728 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 43.868.606.464 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C06AD9B1DA0A3C1603388FA09DA17C9A
         
--- --- ---

Are they gone now, the nasty Trojans?
Regards

Alt 28.03.2012, 11:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't work the second time, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to also turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


__________________
Please always post log files in CODE tags

01.04.2012, 20:56   #21
mobo6new

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:56:12 on 01.04.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a844jgqb" (a844jgqb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a844jgqb.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Mone\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl1f947b4b" (MpKsl1f947b4b) - ? - C:\WINDOWS\system32\MpEngineStore\MpKsl1f947b4b.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Mone\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LWS" - "Logitech Inc." - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe -hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 21:56:55
-----------------------------
21:56:55.328    OS Version: Windows 5.1.2600 Service Pack 3
21:56:55.328    Number of processors: 2 586 0x170A
21:56:55.328    ComputerName: PUPPSIE  UserName: Mone
21:56:57.125    Initialize success
21:59:07.734    AVAST engine defs: 12040101
21:59:35.078    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:59:35.078    Disk 0 Vendor: ST380011A 8.01 Size: 76319MB BusType: 3
21:59:35.078    Disk 0 MBR read successfully
21:59:35.078    Disk 0 MBR scan
21:59:35.171    Disk 0 Windows XP default MBR code
21:59:35.265    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
21:59:35.656    Disk 0 scanning sectors +156280320
21:59:35.890    Disk 0 scanning C:\WINDOWS\system32\drivers
22:00:14.453    Service scanning
22:01:22.250    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:01:34.578    Modules scanning
22:02:45.203    Disk 0 trace - called modules:
22:02:45.203    ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spou.sys >>UNKNOWN [0x8a934938]<<
22:02:45.203    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8e8ab8]
22:02:45.203    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a8a2f18]
22:02:45.218    5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a8ec940]
22:02:48.906    AVAST engine scan C:\WINDOWS
22:03:37.359    AVAST engine scan C:\WINDOWS\system32
22:13:19.484    AVAST engine scan C:\WINDOWS\system32\drivers
22:14:03.171    AVAST engine scan C:\Dokumente und Einstellungen\Mone
22:33:34.859    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\MBR.dat"
22:33:34.906    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Mone\Desktop\aswMBR.txt"
         
Regards, simone

Edited by mobo6new (01.04.2012 at 21:34)
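
A triage pass over OSAM log text like the log posted above, as an added example that is not part of the original thread: it parses the entry layout seen in that log (inferred from this page, not from OSAM documentation) and buckets entries by the annotation in trailing parentheses. `parse_osam`, `triage` and the bucket names are chosen for this example; the sample lines are excerpted from the log above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section location name vendor target flags")

SECTION = re.compile(r"^\[([^\]]+)\]$")
LOCATION = re.compile(r"^-----\( (.+) \)-----$")
# name - vendor - target; the log shows ? where no vendor was read.
ENTRY = re.compile(r'^(?P<name>.+?) - (?P<vendor>"[^"]*"|\?) - (?P<rest>.*)$')
# Trailing "  (flag | flag)", optionally followed by " / <download URL>".
ANNOT = re.compile(r"\s{2,}\(([^()]*)\)(?:\s+/\s+\S+)?$")

# Lines excerpted from the OSAM log posted in this thread.
SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a844jgqb" (a844jgqb) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a844jgqb.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Mone\LOKALE~1\Temp\catchme.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
"""


def parse_osam(text):
    """Return one Entry per autorun line, tagged with its section and location."""
    section = location = None
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            section, location = m.group(1), None
        elif m := LOCATION.match(line):
            location = m.group(1)
        elif section and (m := ENTRY.match(line)):
            rest = m.group("rest")
            annot = ANNOT.search(rest)
            flags = tuple(annot.group(1).split(" | ")) if annot else ()
            target = (rest[:annot.start()] if annot else rest).strip()
            entries.append(Entry(section, location, m.group("name"),
                                 m.group("vendor").strip('"'), target, flags))
    return entries


def triage(entries):
    """Bucket annotated entries; a hidden-registry hit takes precedence."""
    buckets = {"hidden": [], "locked": [], "orphaned": []}
    for e in entries:
        if any(f.startswith("Hidden registry entry") for f in e.flags):
            buckets["hidden"].append(e)
        elif any(f.startswith("File is exclusively opened") for f in e.flags):
            buckets["locked"].append(e)
        elif "File not found" in e.flags:
            buckets["orphaned"].append(e)
    return buckets


if __name__ == "__main__":
    for bucket, hits in triage(parse_osam(SAMPLE)).items():
        for e in hits:
            print(f"{bucket:9} [{e.section}] {e.name} -> {e.target or '(no file)'}")
```

The buckets only sort entries for a reviewer; whether a flagged entry is malicious or a leftover of a scanning tool still has to be judged per entry.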

02.04.2012, 11:20   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GMER didn't work? If so, a short note on why you didn't post the log would have been nice
__________________
Please always post log files in CODE tags

02.04.2012, 15:04   #23
mobo6new

Hello, sorry, that got lost in the shuffle. Unfortunately GMER did not work. Regards

02.04.2012, 15:38   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

25.04.2012, 22:01   #25
mobo6new

Hi Arne, sorry that I haven't been in touch for so long.
Unfortunately my computer is a total wreck and I had to get myself a new one. Thank you very much for your help. I wish you a nice evening.
