Pests of all kinds and how to fight them: malwareproblem

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
malwareproblem

Code:
19:16:05.0734 2924 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
19:16:06.0046 2924 ============================================================
19:16:06.0046 2924 Current date / time: 2012/06/26 19:16:06.0046
19:16:06.0046 2924 SystemInfo:
19:16:06.0046 2924
19:16:06.0046 2924 OS Version: 5.1.2600 ServicePack: 3.0
19:16:06.0046 2924 Product type: Workstation
19:16:06.0046 2924 ComputerName: DANNY-F8B37CE6A
19:16:06.0046 2924 UserName: Danny
19:16:06.0046 2924 Windows directory: C:\WINDOWS
19:16:06.0046 2924 System windows directory: C:\WINDOWS
19:16:06.0046 2924 Processor architecture: Intel x86
19:16:06.0046 2924 Number of processors: 1
19:16:06.0046 2924 Page size: 0x1000
19:16:06.0046 2924 Boot type: Normal boot
19:16:06.0046 2924 ============================================================
19:16:07.0609 2924 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:16:07.0609 2924 ============================================================
19:16:07.0609 2924 \Device\Harddisk0\DR0:
19:16:07.0609 2924 MBR partitions:
19:16:07.0609 2924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
19:16:07.0609 2924 ============================================================
19:16:07.0625 2924 C: <-> \Device\Harddisk0\DR0\Partition0
19:16:07.0640 2924 ============================================================
19:16:07.0640 2924 Initialize success
19:16:07.0640 2924 ============================================================
19:16:48.0421 0420 ============================================================
19:16:48.0421 0420 Scan started
19:16:48.0421 0420 Mode: Manual; SigCheck; TDLFS;
19:16:48.0421 0420 ============================================================
19:16:48.0765 0420 Abiosdsk - ok
19:16:48.0781 0420 abp480n5 - ok
19:16:48.0828 0420 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:16:49.0718 0420 ACPI - ok
19:16:49.0781 0420 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:16:49.0921 0420 ACPIEC - ok
19:16:50.0000 0420 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:16:50.0031 0420 AdobeFlashPlayerUpdateSvc - ok
19:16:50.0046 0420 adpu160m - ok
19:16:50.0078 0420 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:16:50.0218 0420 aec - ok
19:16:50.0234 0420 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
19:16:50.0296 0420 AFD - ok
19:16:50.0312 0420 Aha154x - ok
19:16:50.0312 0420 aic78u2 - ok
19:16:50.0328 0420 aic78xx - ok
19:16:50.0375 0420 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
19:16:50.0500 0420 Alerter - ok
19:16:50.0546 0420 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
19:16:50.0656 0420 ALG - ok
19:16:50.0671 0420 AliIde - ok
19:16:50.0687 0420 amsint - ok
19:16:50.0781 0420 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
19:16:50.0828 0420 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
19:16:50.0828 0420 AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
19:16:50.0859 0420 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
19:16:50.0875 0420 AntiVirService ( UnsignedFile.Multi.Generic ) - warning
19:16:50.0875 0420 AntiVirService - detected UnsignedFile.Multi.Generic (1)
19:16:50.0890 0420 AppMgmt - ok
19:16:50.0906 0420 asc - ok
19:16:50.0906 0420 asc3350p - ok
19:16:50.0921 0420 asc3550 - ok
19:16:51.0046 0420 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:16:51.0062 0420 aspnet_state - ok
19:16:51.0093 0420 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:16:51.0218 0420 AsyncMac - ok
19:16:51.0250 0420 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:16:51.0390 0420 atapi - ok
19:16:51.0406 0420 Atdisk - ok
19:16:51.0421 0420 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:16:51.0562 0420 Atmarpc - ok
19:16:51.0593 0420 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
19:16:51.0718 0420 AudioSrv - ok
19:16:51.0750 0420 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:16:51.0890 0420 audstub - ok
19:16:51.0937 0420 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
19:16:51.0937 0420 avgio - ok
19:16:51.0984 0420 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:16:52.0171 0420 avgntflt - ok
19:16:52.0218 0420 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:16:52.0250 0420 avipbb - ok
19:16:52.0281 0420 AVMUNET (980f4c96c73c61cc6fcf657a721b35d3) C:\WINDOWS\system32\DRIVERS\avmunet.sys
19:16:52.0328 0420 AVMUNET - ok
19:16:52.0375 0420 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:16:52.0531 0420 Beep - ok
19:16:52.0593 0420 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
19:16:52.0796 0420 BITS - ok
19:16:52.0843 0420 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
19:16:52.0937 0420 Browser - ok
19:16:53.0015 0420 CAPI20 (85cebcc4deeeaba4c72b53444a1979e0) C:\WINDOWS\system32\drivers\capi20.sys
19:16:53.0093 0420 CAPI20 ( UnsignedFile.Multi.Generic ) - warning
19:16:53.0093 0420 CAPI20 - detected UnsignedFile.Multi.Generic (1)
19:16:53.0140 0420 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:16:53.0312 0420 cbidf2k - ok
19:16:53.0328 0420 cd20xrnt - ok
19:16:53.0359 0420 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:16:53.0531 0420 Cdaudio - ok
19:16:53.0562 0420 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:16:53.0687 0420 Cdfs - ok
19:16:53.0703 0420 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:16:53.0828 0420 Cdrom - ok
19:16:53.0843 0420 Changer - ok
19:16:53.0875 0420 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
19:16:54.0031 0420 CiSvc - ok
19:16:54.0046 0420 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
19:16:54.0171 0420 ClipSrv - ok
19:16:54.0265 0420 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:54.0296 0420 clr_optimization_v2.0.50727_32 - ok
19:16:54.0312 0420 CmdIde - ok
19:16:54.0312 0420 COMSysApp - ok
19:16:54.0343 0420 Cpqarray - ok
19:16:54.0359 0420 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
19:16:54.0453 0420 CryptSvc - ok
19:16:54.0468 0420 dac2w2k - ok
19:16:54.0468 0420 dac960nt - ok
19:16:54.0531 0420 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
19:16:54.0609 0420 DcomLaunch - ok
19:16:54.0640 0420 DETEWECP (3fd032fe2f2aa9a7c10e37c0d5d8f746) C:\WINDOWS\System32\drivers\detewecp.sys
19:16:54.0656 0420 DETEWECP ( UnsignedFile.Multi.Generic ) - warning
19:16:54.0656 0420 DETEWECP - detected UnsignedFile.Multi.Generic (1)
19:16:54.0687 0420 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
19:16:54.0828 0420 Dhcp - ok
19:16:54.0859 0420 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:16:55.0000 0420 Disk - ok
19:16:55.0000 0420 dmadmin - ok
19:16:55.0046 0420 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
19:16:55.0218 0420 dmboot - ok
19:16:55.0234 0420 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
19:16:55.0375 0420 dmio - ok
19:16:55.0406 0420 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:16:55.0578 0420 dmload - ok
19:16:55.0609 0420 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
19:16:55.0718 0420 dmserver - ok
19:16:55.0765 0420 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:16:55.0890 0420 DMusic - ok
19:16:55.0921 0420 Dnscache (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll
19:16:56.0031 0420 Dnscache - ok
19:16:56.0093 0420 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
19:16:56.0250 0420 Dot3svc - ok
19:16:56.0265 0420 dpti2o - ok
19:16:56.0281 0420 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:16:56.0406 0420 drmkaud - ok
19:16:56.0437 0420 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
19:16:56.0578 0420 EapHost - ok
19:16:56.0640 0420 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE
19:16:56.0703 0420 EPSON_PM_RPCV4_01 - ok
19:16:56.0718 0420 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
19:16:56.0843 0420 ERSvc - ok
19:16:56.0859 0420 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:16:56.0921 0420 Eventlog - ok
19:16:56.0953 0420 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll
19:16:57.0000 0420 EventSystem - ok
19:16:57.0031 0420 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:16:57.0156 0420 Fastfat - ok
19:16:57.0203 0420 FastUserSwitchingCompatibility (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
19:16:57.0359 0420 FastUserSwitchingCompatibility - ok
19:16:57.0390 0420 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:16:57.0515 0420 Fdc - ok
19:16:57.0546 0420 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
19:16:57.0703 0420 FETNDIS - ok
19:16:57.0734 0420 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
19:16:57.0843 0420 Fips - ok
19:16:57.0875 0420 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
19:16:57.0984 0420 Flpydisk - ok
19:16:58.0031 0420 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:16:58.0171 0420 FltMgr - ok
19:16:58.0203 0420 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
19:16:58.0218 0420 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:16:58.0218 0420 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:16:58.0250 0420 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\WINDOWS\system32\FsUsbExService.Exe
19:16:58.0281 0420 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
19:16:58.0281 0420 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
19:16:58.0312 0420 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:16:58.0468 0420 Fs_Rec - ok
19:16:58.0515 0420 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:16:58.0656 0420 Ftdisk - ok
19:16:58.0671 0420 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
19:16:58.0796 0420 gagp30kx - ok
19:16:58.0828 0420 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:16:58.0953 0420 Gpc - ok
19:16:59.0015 0420 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:16:59.0125 0420 helpsvc - ok
19:16:59.0140 0420 HidServ (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll
19:16:59.0250 0420 HidServ - ok
19:16:59.0281 0420 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:16:59.0406 0420 hidusb - ok
19:16:59.0453 0420 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
19:16:59.0578 0420 hkmsvc - ok
19:16:59.0578 0420 hpn - ok
19:16:59.0718 0420 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:16:59.0812 0420 HPZid412 - ok
19:16:59.0828 0420 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:16:59.0875 0420 HPZipr12 - ok
19:16:59.0906 0420 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:16:59.0984 0420 HPZius12 - ok
19:17:00.0031 0420 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
19:17:00.0187 0420 HTTP - ok
19:17:00.0218 0420 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
19:17:00.0328 0420 HTTPFilter - ok
19:17:00.0343 0420 i2omgmt - ok
19:17:00.0359 0420 i2omp - ok
19:17:00.0390 0420 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:17:00.0515 0420 i8042prt - ok
19:17:00.0531 0420 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:17:00.0656 0420 Imapi - ok
19:17:00.0703 0420 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
19:17:00.0828 0420 ImapiService - ok
19:17:00.0843 0420 ini910u - ok
19:17:00.0859 0420 IntelIde - ok
19:17:00.0890 0420 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:17:01.0000 0420 Ip6Fw - ok
19:17:01.0046 0420 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:17:01.0203 0420 IpFilterDriver - ok
19:17:01.0265 0420 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:17:01.0437 0420 IpInIp - ok
19:17:01.0515 0420 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:17:01.0640 0420 IpNat - ok
19:17:01.0671 0420 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:17:01.0796 0420 IPSec - ok
19:17:01.0812 0420 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:17:01.0937 0420 IRENUM - ok
19:17:01.0968 0420 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:17:02.0093 0420 isapnp - ok
19:17:02.0187 0420 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
19:17:02.0203 0420 JavaQuickStarterService - ok
19:17:02.0234 0420 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:17:02.0343 0420 Kbdclass - ok
19:17:02.0375 0420 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:17:02.0500 0420 kbdhid - ok
19:17:02.0531 0420 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:17:02.0656 0420 kmixer - ok
19:17:02.0687 0420 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:17:02.0765 0420 KSecDD - ok
19:17:02.0796 0420 lanmanserver (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll
19:17:02.0937 0420 lanmanserver - ok
19:17:02.0968 0420 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
19:17:03.0046 0420 lanmanworkstation - ok
19:17:03.0062 0420 lbrtfdc - ok
19:17:03.0093 0420 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
19:17:03.0218 0420 LmHosts - ok
19:17:03.0281 0420 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
19:17:03.0281 0420 MBAMProtector - ok
19:17:03.0375 0420 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:17:03.0468 0420 MBAMService - ok
19:17:03.0500 0420 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:17:03.0515 0420 MBAMSwissArmy - ok
19:17:03.0546 0420 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
19:17:03.0656 0420 Messenger - ok
19:17:03.0687 0420 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:17:03.0843 0420 mnmdd - ok
19:17:03.0875 0420 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
19:17:04.0000 0420 mnmsrvc - ok
19:17:04.0015 0420 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
19:17:04.0140 0420 Modem - ok
19:17:04.0187 0420 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:17:04.0312 0420 Mouclass - ok
19:17:04.0343 0420 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:17:04.0500 0420 mouhid - ok
19:17:04.0531 0420 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:17:04.0640 0420 MountMgr - ok
19:17:04.0687 0420 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:17:04.0703 0420 MozillaMaintenance - ok
19:17:04.0718 0420 mraid35x - ok
19:17:04.0750 0420 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:17:04.0875 0420 MRxDAV - ok
19:17:04.0937 0420 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:17:05.0000 0420 MRxSmb - ok
19:17:05.0031 0420 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
19:17:05.0156 0420 MSDTC - ok
19:17:05.0203 0420 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:17:05.0312 0420 Msfs - ok
19:17:05.0343 0420 MSIServer - ok
19:17:05.0359 0420 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:17:05.0468 0420 MSKSSRV - ok
19:17:05.0500 0420 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:17:05.0609 0420 MSPCLOCK - ok
19:17:05.0625 0420 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:17:05.0750 0420 MSPQM - ok
19:17:05.0781 0420 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:17:05.0906 0420 mssmbios - ok
19:17:05.0937 0420 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
19:17:06.0046 0420 Mup - ok
19:17:06.0109 0420 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
19:17:06.0265 0420 napagent - ok
19:17:06.0296 0420 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:17:06.0421 0420 NDIS - ok
19:17:06.0468 0420 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:17:06.0578 0420 NdisTapi - ok
19:17:06.0609 0420 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:17:06.0734 0420 Ndisuio - ok
19:17:06.0734 0420 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:17:06.0859 0420 NdisWan - ok
19:17:06.0875 0420 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
19:17:07.0000 0420 NDProxy - ok
19:17:07.0046 0420 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:17:07.0171 0420 NetBIOS - ok
19:17:07.0203 0420 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:17:07.0312 0420 NetBT - ok
19:17:07.0343 0420 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:17:07.0484 0420 NetDDE - ok
19:17:07.0500 0420 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
19:17:07.0609 0420 NetDDEdsdm - ok
19:17:07.0640 0420 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
19:17:07.0734 0420 Netlogon - ok
19:17:07.0765 0420 Netman (cdf4da6b518105343fe9e8afbbf8fbf4) C:\WINDOWS\System32\netman.dll
19:17:07.0890 0420 Netman - ok
19:17:07.0921 0420 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
19:17:08.0000 0420 Nla - ok
19:17:08.0046 0420 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:17:08.0156 0420 Npfs - ok
19:17:08.0203 0420 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:17:08.0375 0420 Ntfs - ok
19:17:08.0375 0420 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
19:17:08.0468 0420 NtLmSsp - ok
19:17:08.0531 0420 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
19:17:08.0687 0420 NtmsSvc - ok
19:17:08.0718 0420 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:17:08.0875 0420 Null - ok
19:17:08.0906 0420 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:17:09.0046 0420 NwlnkFlt - ok
19:17:09.0062 0420 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:17:09.0203 0420 NwlnkFwd - ok
19:17:09.0250 0420 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
19:17:09.0375 0420 Parport - ok
19:17:09.0390 0420 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:17:09.0515 0420 PartMgr - ok
19:17:09.0546 0420 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:17:09.0687 0420 ParVdm - ok
19:17:09.0718 0420 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:17:09.0750 0420 pccsmcfd - ok
19:17:09.0765 0420 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
19:17:09.0890 0420 PCI - ok
19:17:09.0906 0420 PCIDump - ok
19:17:09.0921 0420 PCIIde - ok
19:17:09.0968 0420 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:17:10.0093 0420 Pcmcia - ok
19:17:10.0093 0420 PDCOMP - ok
19:17:10.0109 0420 PDFRAME - ok
19:17:10.0109 0420 PDRELI - ok
19:17:10.0125 0420 PDRFRAME - ok
19:17:10.0140 0420 perc2 - ok
19:17:10.0140 0420 perc2hib - ok
19:17:10.0203 0420 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
19:17:10.0250 0420 PlugPlay - ok
19:17:10.0281 0420 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
19:17:10.0312 0420 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:17:10.0312 0420 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:17:10.0312 0420 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
19:17:10.0406 0420 PolicyAgent - ok
19:17:10.0437 0420 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:17:10.0562 0420 PptpMiniport - ok
19:17:10.0578 0420 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
19:17:10.0703 0420 Processor - ok
19:17:10.0703 0420 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
19:17:10.0796 0420 ProtectedStorage - ok
19:17:10.0812 0420 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:17:10.0921 0420 PSched - ok
19:17:10.0953 0420 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:17:11.0109 0420 Ptilink - ok
19:17:11.0125 0420 ql1080 - ok
19:17:11.0140 0420 Ql10wnt - ok
19:17:11.0140 0420 ql12160 - ok
19:17:11.0156 0420 ql1240 - ok
19:17:11.0171 0420 ql1280 - ok
19:17:11.0187 0420 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:17:11.0312 0420 RasAcd - ok
19:17:11.0359 0420 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
19:17:11.0484 0420 RasAuto - ok
19:17:11.0500 0420 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:17:11.0625 0420 Rasl2tp - ok
19:17:11.0656 0420 RasMan (a5d2d745a2aefa327dca6da317b5fd70) C:\WINDOWS\System32\rasmans.dll
19:17:11.0781 0420 RasMan - ok
19:17:11.0812 0420 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:17:11.0921 0420 RasPppoe - ok
19:17:11.0953 0420 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:17:12.0109 0420 Raspti - ok
19:17:12.0140 0420 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:17:12.0265 0420 Rdbss - ok
19:17:12.0296 0420 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:17:12.0437 0420 RDPCDD - ok
19:17:12.0500 0420 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:17:12.0609 0420 RDPWD - ok
19:17:12.0640 0420 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
19:17:12.0765 0420 RDSessMgr - ok
19:17:12.0796 0420 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:17:12.0906 0420 redbook - ok
19:17:12.0937 0420 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
19:17:13.0062 0420 RemoteAccess - ok
19:17:13.0093 0420 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:17:13.0250 0420 ROOTMODEM - ok
19:17:13.0296 0420 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
19:17:13.0421 0420 RpcLocator - ok
19:17:13.0468 0420 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
19:17:13.0531 0420 RpcSs - ok
19:17:13.0578 0420 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
19:17:13.0734 0420 RSVP - ok
19:17:13.0765 0420 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
19:17:13.0859 0420 SamSs - ok
19:17:13.0875 0420 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
19:17:14.0015 0420 SCardSvr - ok
19:17:14.0062 0420 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
19:17:14.0187 0420 Schedule - ok
19:17:14.0218 0420 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:17:14.0312 0420 Secdrv - ok
19:17:14.0343 0420 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
19:17:14.0453 0420 seclogon - ok
19:17:14.0484 0420 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
19:17:14.0593 0420 SENS - ok
19:17:14.0609 0420 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:17:14.0734 0420 serenum - ok
19:17:14.0781 0420 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
19:17:14.0890 0420 Serial - ok
19:17:15.0000 0420 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
19:17:15.0046 0420 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:17:15.0046 0420 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:17:15.0062 0420 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:17:15.0187 0420 Sfloppy - ok
19:17:15.0234 0420 SharedAccess (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
19:17:15.0343 0420 SharedAccess - ok
19:17:15.0390 0420 ShellHWDetection (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
19:17:15.0500 0420 ShellHWDetection - ok
19:17:15.0500 0420 Simbad - ok
19:17:15.0515 0420 Sparrow - ok
19:17:15.0546 0420 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:17:15.0656 0420 splitter - ok
19:17:15.0671 0420 Spooler (54e7113a4bd696e430919bcaf5c65e06) C:\WINDOWS\system32\spoolsv.exe
19:17:15.0796 0420 Spooler - ok
19:17:15.0828 0420 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
19:17:15.0953 0420 sr - ok
19:17:16.0000 0420 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
19:17:16.0109 0420 srservice - ok
19:17:16.0156 0420 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
19:17:16.0218 0420 Srv - ok
19:17:16.0250 0420 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
19:17:16.0359 0420 SSDPSRV - ok
19:17:16.0390 0420 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:17:16.0406 0420 ssmdrv - ok
19:17:16.0437 0420 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
19:17:16.0453 0420 ss_bbus - ok
19:17:16.0484 0420 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
19:17:16.0500 0420 ss_bmdfl - ok
19:17:16.0531 0420 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
19:17:16.0578 0420 ss_bmdm - ok
19:17:16.0640 0420 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
19:17:16.0781 0420 stisvc - ok
19:17:16.0812 0420 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:17:16.0921 0420 swenum - ok
19:17:16.0953 0420 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:17:17.0078 0420 swmidi - ok
19:17:17.0093 0420 SwPrv - ok
19:17:17.0109 0420 symc810 - ok
19:17:17.0109 0420 symc8xx - ok
19:17:17.0125 0420 sym_hi - ok
19:17:17.0140 0420 sym_u3 - ok
19:17:17.0171 0420 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:17:17.0281 0420 sysaudio - ok
19:17:17.0328 0420 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
19:17:17.0437 0420 SysmonLog - ok
19:17:17.0500 0420 TapiSrv (4584e2a5fe662ab3e7c32936e1449043) C:\WINDOWS\System32\tapisrv.dll
19:17:17.0609 0420 TapiSrv - ok
19:17:17.0640 0420 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:17:17.0703 0420 Tcpip - ok
19:17:17.0734 0420 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:17:17.0859 0420 TDPIPE - ok
19:17:17.0890 0420 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:17:18.0000 0420 TDTCP - ok
19:17:18.0031 0420 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:17:18.0156 0420 TermDD - ok
19:17:18.0203 0420 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
19:17:18.0328 0420 TermService - ok
19:17:18.0375 0420 Themes (bac5f7f0c2b8c1b9832594851e0f9914) C:\WINDOWS\System32\shsvcs.dll
19:17:18.0468 0420 Themes - ok
19:17:18.0484 0420 TosIde - ok
19:17:18.0500 0420 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
19:17:18.0609 0420 TrkWks - ok
19:17:18.0640 0420 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:17:18.0765 0420 Udfs - ok
19:17:18.0796 0420 ulisa (7812146827eb4628694ddcf8bc37cd67) C:\WINDOWS\system32\Drivers\ulisa.sys
19:17:18.0812 0420 ulisa ( UnsignedFile.Multi.Generic ) - warning
19:17:18.0812 0420 ulisa - detected UnsignedFile.Multi.Generic (1)
19:17:18.0828 0420 ultra - ok
19:17:18.0875 0420 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:17:19.0015 0420 Update - ok
19:17:19.0062 0420 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
19:17:19.0187 0420 upnphost - ok
19:17:19.0218 0420 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
19:17:19.0343 0420 UPS - ok
19:17:19.0375 0420 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:17:19.0500 0420 usbccgp - ok
19:17:19.0515 0420 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:17:19.0640 0420 usbehci - ok
19:17:19.0671 0420 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:17:19.0796 0420 usbhub - ok
19:17:19.0828 0420 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:17:19.0953 0420 usbprint - ok
19:17:19.0984 0420 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:17:20.0109 0420 usbscan - ok
19:17:20.0140 0420 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:17:20.0265 0420 USBSTOR - ok
19:17:20.0312 0420 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:17:20.0421 0420 usbuhci - ok
19:17:20.0453 0420 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:17:20.0562 0420 VgaSave - ok
19:17:20.0609 0420 viagfx (22adafa1b08dc33b9402ebaff85b67de) C:\WINDOWS\system32\DRIVERS\vtmini.sys
19:17:20.0687 0420 viagfx - ok
19:17:20.0703 0420 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:17:20.0812 0420 ViaIde - ok
19:17:20.0859 0420 VIAudio (fece79a9aef62ad5f11a3f4a14f1dead) C:\WINDOWS\system32\drivers\vinyl97.sys
19:17:20.0937 0420 VIAudio - ok
19:17:20.0968 0420 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
19:17:21.0093 0420 VolSnap - ok
19:17:21.0125 0420 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
19:17:21.0250 0420 VSS - ok
19:17:21.0296 0420 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
19:17:21.0406 0420 W32Time - ok
19:17:21.0437 0420 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:17:21.0546 0420 Wanarp - ok
19:17:21.0562 0420 WDICA - ok
19:17:21.0593 0420 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:17:21.0703 0420 wdmaud - ok
19:17:21.0750 0420 WebClient (1eb51feea9d3208eae60604f4346c02e) C:\WINDOWS\System32\webclnt.dll
19:17:21.0843 0420 WebClient - ok
19:17:21.0921 0420 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:17:22.0031 0420 winmgmt - ok
19:17:22.0078 0420 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:17:22.0140 0420 WmdmPmSN - ok
19:17:22.0203 0420 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:17:22.0312 0420 WmiApSrv - ok
19:17:22.0437 0420 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Programme\Windows Media Player\WMPNetwk.exe
19:17:22.0515 0420 WMPNetworkSvc - ok
19:17:22.0546 0420 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:17:22.0562 0420 WpdUsb - ok
19:17:22.0609 0420 wscsvc (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
19:17:22.0703 0420 wscsvc - ok
19:17:22.0750 0420 wuauserv (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
19:17:22.0843 0420 wuauserv - ok
19:17:22.0875 0420 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:17:22.0906 0420 WudfPf - ok
19:17:22.0921 0420 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:17:22.0953 0420 WudfRd - ok
19:17:22.0968 0420 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:17:23.0000 0420 WudfSvc - ok
19:17:23.0062 0420 WZCSVC (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
19:17:23.0203 0420 WZCSVC - ok
19:17:23.0250 0420 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
19:17:23.0359 0420 xmlprov - ok
19:17:23.0390 0420 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:17:23.0828 0420 \Device\Harddisk0\DR0 - ok
19:17:23.0843 0420 Boot (0x1200) (2673ff132e6437136c685389a72c806f) \Device\Harddisk0\DR0\Partition0
19:17:23.0843 0420 \Device\Harddisk0\DR0\Partition0 - ok
19:17:23.0843 0420 ============================================================
19:17:23.0843 0420 Scan finished
19:17:23.0843 0420 ============================================================
19:17:24.0000 1468 Detected object count: 9
19:17:24.0000 1468 Actual detected object count: 9
19:18:06.0906 1468 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 CAPI20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 CAPI20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 DETEWECP ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 DETEWECP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0906 1468 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0906 1468 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:18:06.0921 1468 ulisa ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:06.0921 1468 ulisa ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem Then please run CF now:
__________________ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ |
| | #3 |
| malwareproblem Hello Arne... so I opened CF (it only offered "save", no "run") and at first it ran until it said "completed stage 50", then it restarts and a Windows error report message comes up. But no log file that I can send you appears, nothing more comes... what should I do now???
__________________Edited by sophie05 (26.06.2012 at 20:36) |
| | #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem Restart Windows, delete the old combofix.exe, download CF again and please try once more.
__________________ Please always post logfiles in CODE tags |
| | #5 |
| malwareproblem Hello... just delete it, or do you have to uninstall it somewhere?? And where do I have to delete it??? |
| | #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem Good grief, you are only supposed to delete the old combofix.exe and download it again
__________________ |
| | #7 |
| malwareproblem Hello... no, it still doesn't work... it always restarts |
| | #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem Have you also tried combofix in Safe Mode with Networking?
__________________ Please always post logfiles in CODE tags |
| | #9 |
| malwareproblem Hello... I am now in Safe Mode but can't get the real-time scanner turned off!!! Any tip??? |
| | #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem In Safe Mode no virus scanner should be active anyway, since only the most essential components are loaded in this boot mode
__________________ Please always post logfiles in CODE tags |
| | #11 |
| malwareproblem Hmmm... but that is what it says... that it is still on but combofix will try to start anyway... at your own risk.... so should I start it anyway?? If you think nothing is on there??? |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem Yes, that is a known bug, just let combofix do its work
__________________ Please always post logfiles in CODE tags |
| | #13 |
| malwareproblem Code:
ComboFix 12-06-28.03 - Administrator 29.06.2012 14:09:09.6.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.959.767 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Eigene Dateien\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Danny\Desktop\Data_Recovery.lnk
c:\windows\IsUn0407.exe
c:\windows\system32\_004001_.tmp.dll
c:\windows\system32\_004002_.tmp.dll
c:\windows\system32\_004003_.tmp.dll
c:\windows\system32\_004004_.tmp.dll
c:\windows\system32\_004011_.tmp.dll
c:\windows\system32\_004012_.tmp.dll
c:\windows\system32\_004013_.tmp.dll
c:\windows\system32\_004014_.tmp.dll
c:\windows\system32\_004016_.tmp.dll
c:\windows\system32\_004017_.tmp.dll
c:\windows\system32\_004020_.tmp.dll
c:\windows\system32\_004021_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004024_.tmp.dll
c:\windows\system32\_004025_.tmp.dll
c:\windows\system32\_004027_.tmp.dll
c:\windows\system32\_004029_.tmp.dll
c:\windows\system32\_004030_.tmp.dll
c:\windows\system32\_004031_.tmp.dll
c:\windows\system32\_004035_.tmp.dll
c:\windows\system32\_004036_.tmp.dll
c:\windows\system32\_004038_.tmp.dll
c:\windows\system32\_004041_.tmp.dll
c:\windows\system32\_004043_.tmp.dll
c:\windows\system32\_004044_.tmp.dll
c:\windows\system32\_004045_.tmp.dll
c:\windows\system32\_004046_.tmp.dll
c:\windows\system32\_004047_.tmp.dll
c:\windows\system32\_004050_.tmp.dll
c:\windows\system32\_004051_.tmp.dll
c:\windows\system32\_004052_.tmp.dll
c:\windows\system32\_004053_.tmp.dll
c:\windows\system32\_004054_.tmp.dll
c:\windows\system32\_004059_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 ))))))))))))))))))))))))))))))
.
.
2012-06-26 17:36 . 2004-08-04 12:00 421 ----a-w- c:\windows\system32\utilman.bat
2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\dokumente und einstellungen\Danny\Anwendungsdaten\Salfeld
2012-06-26 17:36 . 2004-08-04 12:00 41 ----a-w- c:\windows\system32\SWCTL.DLL
2012-06-26 17:36 . 2012-06-26 17:38 -------- d--h--w- c:\programme\Gemeinsame Dateien\System Shared
2012-06-26 17:36 . 2012-06-26 17:36 -------- d--h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Device
2012-06-26 17:36 . 2011-10-26 13:12 228664 ----a-w- c:\windows\system32\wdrvtd32.dll
2012-06-26 17:36 . 2004-08-04 12:00 2262416 ----a-w- c:\windows\system32\cchservice.exe
2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\programme\Salfeld
2012-06-26 17:09 . 2012-06-26 17:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-26 16:25 . 2012-06-14 22:19 85472 ----a-w- c:\programme\Mozilla Firefox\components\browsercomps.dll
2012-06-26 15:29 . 2012-06-26 15:52 -------- d-----w- c:\dokumente und einstellungen\Administrator
2012-06-26 12:57 . 2012-06-26 12:57 -------- d-----w- C:\_OTL
2012-06-24 17:58 . 2012-06-24 17:58 -------- d-----w- c:\programme\ESET
2012-06-24 09:30 . 2012-06-24 13:29 9815752 ---ha-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-24 09:00 . 2012-06-24 09:00 -------- d-----w- c:\dokumente und einstellungen\Danny\Anwendungsdaten\Malwarebytes
2012-06-23 15:22 . 2012-06-23 15:22 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Malwarebytes
2012-06-23 15:21 . 2012-06-23 15:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-23 15:21 . 2012-04-04 13:56 22344 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 15:21 . 2012-06-23 15:21 -------- d--h--w- c:\programme\Malwarebytes' Anti-Malware
2012-06-23 15:20 . 2012-06-23 15:20 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2012-06-23 15:10 . 2012-06-23 15:10 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\PrivacIE
2012-06-23 14:54 . 2012-06-23 15:09 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2012-06-23 14:43 . 2012-06-23 14:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IETldCache
2012-06-20 08:35 . 2012-06-14 22:16 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll
2012-06-20 08:35 . 2012-06-14 22:16 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll
2012-06-06 07:57 . 2012-06-06 07:57 419488 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-06 07:57 . 2011-09-27 07:48 70304 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 22:19 . 2012-06-26 16:25 85472 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"strtfx"="c:\programme\T-Eumex KommunikationsCenter\strtfx.exe" [2005-03-17 24576]
"sndml"="c:\programme\T-Eumex KommunikationsCenter\sndml.exe" [2005-03-17 32768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"PDFPrint"="c:\programme\PDF24\pdf24.exe" [2012-02-09 160840]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\dokumente und einstellungen\Danny\Startmenü\Programme\Autostart\
OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ksupmgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Programme\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [30.04.2011 16:32 14976]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.01.2010 18:14 108289]
S2 CAPI20;Eumex 220PC;c:\windows\system32\drivers\Capi20.sys [24.02.2005 15:24 970904]
S2 DETEWECP;Telekom CapiPort;c:\windows\system32\drivers\DETEWECP.SYS [07.02.2005 15:01 37696]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [02.10.2010 18:06 233472]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [23.06.2012 17:21 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06.06.2012 09:57 257696]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [02.10.2010 18:06 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [23.06.2012 17:21 22344]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [02.05.2012 20:29 113120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [15.05.2011 11:50 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [15.05.2011 11:50 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [15.05.2011 11:50 123648]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\drivers\ulisa.sys [30.04.2011 16:33 34713]
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 07:57]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\programme\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\programme\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\programme\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\dokumente und einstellungen\Danny\Anwendungsdaten\Mozilla\Firefox\Profiles\pd1ucaym.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-AudioDeck - c:\programme\VIAudioi\SBADeck\ADeck.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-routcnf - c:\programme\Telekom\Eumex 200\routcnf.exe
HKLM-Run-ChicoSys - c:\windows\system32\cc32\webtmr.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-29 14:14
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1123561945-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,93,10,8c,f1,91,eb,46,9e,1d,3c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,93,10,8c,f1,91,eb,46,9e,1d,3c,\
.
Zeit der Fertigstellung: 2012-06-29 14:16:25
ComboFix-quarantined-files.txt 2012-06-29 12:16
.
Vor Suchlauf: 8 Verzeichnis(se), 57.570.455.552 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 57.528.225.792 Bytes frei
.
- - End Of File - - 41C296BA4D21FECB0085E28BB2530CCA
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | malwareproblem Code:
2012-06-26 17:36 . 2004-08-04 12:00 421 ----a-w- c:\windows\system32\utilman.bat
2012-06-26 17:36 . 2012-06-26 17:36 -------- d-----w- c:\dokumente und einstellungen\Danny\Anwendungsdaten\Salfeld
2012-06-26 17:36 . 2004-08-04 12:00 41 ----a-w- c:\windows\system32\SWCTL.DLL
2012-06-26 17:36 . 2012-06-26 17:38 -------- d--h--w- c:\programme\Gemeinsame Dateien\System Shared
__________________ Please always post logfiles in CODE tags |
| | #15 |
| malwareproblem Ummm... yes, if that is because of the parental control software, then yes... but we have already uninstalled that... why? Sorry if it was wrong... but we didn't know that there was anything we weren't allowed to do... and we only wanted to protect the PC from our daughter... hehe.... that would have been another question of mine, how we can get onto the internet only via a password, but more on that later... Regards |