Pests of all kinds and how to fight them: Pup Blabbers /xsecva etc. - what to do? Windows 7 If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
02.08.2012, 11:32 | #16 |
| I really don't want to be impatient, but I feel totally unsure about what I can still do and not do with my computer. Professionally it is already a small catastrophe. I'd be grateful for a short message on whether this can still be fixed or whether I should rather reinstall. Regards, blubb |
03.08.2012, 11:17 | #17 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
If you need immediate help, you have to hire an on-site service! By the way: company computers are generally not cleaned here. See => http://www.trojaner-board.de/108422-...-anfragen.html Quote:
__________________ |
03.08.2012, 11:22 | #18 |
| Hi Arne
It is not a company computer... the computer is private. To what extent I now use it for work, I'd rather not explain in detail. I am simply unsure what I can still do and what I can't. Sorry for the odd wording. (I don't have a company of my own) |
03.08.2012, 19:01 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok, then I'll treat it as a home computer. Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Smartbar Search"
FF - prefs.js..keyword.URL: "http://www.plusnetwork.com/?sp=ctbar&dp=MessengerPlus&q="
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-515967899-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - ("C:\Dokumente und Einstellungen\Petra\Anwendungsdaten\xsecva\xsecva.exe" -s) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.27 22:34:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.09.13 06:46:42 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2007.05.18 10:37:12 | 000,000,069 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4e97d598-9129-11e0-b6d2-00248c76750b}\Shell - "" = AutoRun
O33 - MountPoints2\{4e97d598-9129-11e0-b6d2-00248c76750b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4e97d598-9129-11e0-b6d2-00248c76750b}\Shell\AutoRun\command - "" = M:\pushinst.exe
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
:Files
C:\Dokumente und Einstellungen\kids\Desktop\light_image_resizer4_setup_4.0.9.8_linkular.exe
C:\Dokumente und Einstellungen\Petra\Lokale Einstellungen\Anwendungsdaten\{2b26b5e6-99db-4fc4-bff2-051efd523150}\U
C:\Dokumente und Einstellungen\Petra\Lokale Einstellungen\Anwendungsdaten\{2b26b5e6-99db-4fc4-bff2-051efd523150}\n
C:\Dokumente und Einstellungen\Petra\Lokale Einstellungen\Anwendungsdaten\{2b26b5e6-99db-4fc4-bff2-051efd523150}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
03.08.2012, 21:45 | #20 |
| So, once again what I want doesn't work: OTL is gone from my computer, and I can't download it either. According to the Security Center, AntiVir is running... I can't switch it off because I can't find it anywhere... neither under Programs nor in Autostart. Either I'm too stupid or the computer is going completely haywire. Sorry Arne. By the way, my Internet properties now appear in English. So, via a detour, the fix with OTL after all... Code:
All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Messenger Plus Smartbar Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.plusnetwork.com/?sp=ctbar&dp=MessengerPlus&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-220523388-515967899-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-515967899-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:"C:\Dokumente und Einstellungen\Petra\Anwendungsdaten\xsecva\xsecva.exe" -s deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File not found.
File G:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e97d598-9129-11e0-b6d2-00248c76750b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e97d598-9129-11e0-b6d2-00248c76750b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e97d598-9129-11e0-b6d2-00248c76750b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e97d598-9129-11e0-b6d2-00248c76750b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e97d598-9129-11e0-b6d2-00248c76750b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e97d598-9129-11e0-b6d2-00248c76750b}\ not found.
File M:\pushinst.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpybotSD TeaTimer\ not found.
========== FILES ==========
C:\Dokumente und Einstellungen\kids\Desktop\light_image_resizer4_setup_4.0.9.8_linkular.exe moved successfully.
C:\Dokumente und Einstellungen\Petra\Lokale Einstellungen\Anwendungsdaten\{2b26b5e6-99db-4fc4-bff2-051efd523150}\U folder moved successfully.
File\Folder C:\Dokumente und Einstellungen\Petra\Lokale Einstellungen\Anwendungsdaten\{2b26b5e6-99db-4fc4-bff2-051efd523150}\n not found.
C:\Dokumente und Einstellungen\Petra\Lokale Einstellungen\Anwendungsdaten\{2b26b5e6-99db-4fc4-bff2-051efd523150}\@ moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: kids
->Temp folder emptied: 371778 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60439511 bytes
->Flash cache emptied: 506 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 1021441 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Petra
->Temp folder emptied: 3169377 bytes
->Temporary Internet Files folder emptied: 4449649 bytes
->Java cache emptied: 1380222 bytes
->FireFox cache emptied: 473126365 bytes
->Flash cache emptied: 585 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2153902 bytes
%systemroot%\System32 .tmp files removed: 4528519 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 448 bytes
RecycleBin emptied: 138995520 bytes
Total Files Cleaned = 658,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: kids
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: Petra
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.55.0 log created on 08042012_003025
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Edited by blubberubb (03.08.2012 at 21:55) |
04.08.2012, 12:36 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan, and when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log, or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ |
04.08.2012, 22:37 | #22 |
| Hello Arne, I can't switch off any virus scanner. Where am I supposed to do that? The Windows Security Center shows that AntiVir is up to date and that the virus scan is activated. But I can't find Avira: the little umbrella isn't there, nothing in Autostart, nothing under Programs. I'm at a loss, please help me anyway. Here is the TDSS log. Code:
C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:52:52.0968 2592 RasPppoe - ok 23:52:52.0968 2592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 23:52:53.0109 2592 Raspti - ok 23:52:53.0140 2592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:52:53.0296 2592 Rdbss - ok 23:52:53.0312 2592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:52:53.0453 2592 RDPCDD - ok 23:52:53.0500 2592 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 23:52:53.0640 2592 RDPWD - ok 23:52:53.0671 2592 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe 23:52:53.0812 2592 RDSessMgr - ok 23:52:53.0843 2592 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 23:52:53.0984 2592 redbook - ok 23:52:54.0015 2592 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll 23:52:54.0156 2592 RemoteAccess - ok 23:52:54.0156 2592 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe 23:52:54.0296 2592 RpcLocator - ok 23:52:54.0359 2592 RpcSs (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll 23:52:54.0500 2592 RpcSs - ok 23:52:54.0515 2592 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe 23:52:54.0671 2592 RSVP - ok 23:52:54.0687 2592 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe 23:52:54.0812 2592 SamSs - ok 23:52:54.0828 2592 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe 23:52:54.0968 2592 SCardSvr - ok 23:52:55.0000 2592 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll 23:52:55.0140 2592 Schedule - ok 23:52:55.0156 2592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:52:55.0281 2592 Secdrv - ok 23:52:55.0281 2592 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll 23:52:55.0406 2592 seclogon - ok 
23:52:55.0421 2592 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll 23:52:55.0562 2592 SENS - ok 23:52:55.0578 2592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 23:52:55.0703 2592 serenum - ok 23:52:55.0734 2592 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 23:52:55.0875 2592 Serial - ok 23:52:55.0890 2592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 23:52:56.0031 2592 Sfloppy - ok 23:52:56.0078 2592 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll 23:52:56.0250 2592 SharedAccess - ok 23:52:56.0281 2592 ShellHWDetection (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll 23:52:56.0406 2592 ShellHWDetection - ok 23:52:56.0406 2592 Simbad - ok 23:52:56.0406 2592 Sparrow - ok 23:52:56.0437 2592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 23:52:56.0546 2592 splitter - ok 23:52:56.0562 2592 Spooler (39356a9cdb6753a6d13a4072a9f5a4bb) C:\WINDOWS\system32\spoolsv.exe 23:52:56.0703 2592 Spooler - ok 23:52:56.0718 2592 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 23:52:56.0859 2592 sr - ok 23:52:56.0875 2592 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll 23:52:57.0015 2592 srservice - ok 23:52:57.0046 2592 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys 23:52:57.0171 2592 Srv - ok 23:52:57.0203 2592 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll 23:52:57.0328 2592 SSDPSRV - ok 23:52:57.0375 2592 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll 23:52:57.0515 2592 stisvc - ok 23:52:57.0531 2592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 23:52:57.0671 2592 swenum - ok 23:52:57.0671 2592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 23:52:57.0796 2592 swmidi 
- ok 23:52:57.0796 2592 SwPrv - ok 23:52:57.0812 2592 symc810 - ok 23:52:57.0812 2592 symc8xx - ok 23:52:57.0828 2592 sym_hi - ok 23:52:57.0828 2592 sym_u3 - ok 23:52:57.0843 2592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 23:52:57.0968 2592 sysaudio - ok 23:52:58.0000 2592 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 23:52:58.0125 2592 SysmonLog - ok 23:52:58.0171 2592 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 23:52:58.0312 2592 TapiSrv - ok 23:52:58.0375 2592 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:52:58.0531 2592 Tcpip - ok 23:52:58.0546 2592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 23:52:58.0671 2592 TDPIPE - ok 23:52:58.0687 2592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 23:52:58.0796 2592 TDTCP - ok 23:52:58.0812 2592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 23:52:58.0953 2592 TermDD - ok 23:52:59.0000 2592 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 23:52:59.0140 2592 TermService - ok 23:52:59.0171 2592 Themes (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll 23:52:59.0296 2592 Themes - ok 23:52:59.0296 2592 TosIde - ok 23:52:59.0312 2592 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 23:52:59.0468 2592 TrkWks - ok 23:52:59.0484 2592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 23:52:59.0609 2592 Udfs - ok 23:52:59.0609 2592 ultra - ok 23:52:59.0671 2592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 23:52:59.0812 2592 Update - ok 23:52:59.0859 2592 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 23:53:00.0000 2592 upnphost - ok 23:53:00.0015 2592 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 23:53:00.0140 
2592 UPS - ok 23:53:00.0171 2592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:53:00.0296 2592 usbccgp - ok 23:53:00.0312 2592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:53:00.0453 2592 usbehci - ok 23:53:00.0453 2592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:53:00.0578 2592 usbhub - ok 23:53:00.0593 2592 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 23:53:00.0718 2592 usbohci - ok 23:53:00.0718 2592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:53:00.0843 2592 usbprint - ok 23:53:00.0843 2592 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:53:00.0984 2592 usbstor - ok 23:53:01.0000 2592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 23:53:01.0109 2592 VgaSave - ok 23:53:01.0125 2592 ViaIde - ok 23:53:01.0140 2592 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 23:53:01.0250 2592 VolSnap - ok 23:53:01.0328 2592 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 23:53:01.0484 2592 VSS - ok 23:53:01.0515 2592 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 23:53:01.0656 2592 W32Time - ok 23:53:01.0671 2592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:53:01.0796 2592 Wanarp - ok 23:53:01.0875 2592 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 23:53:01.0906 2592 Wdf01000 - ok 23:53:01.0906 2592 WDICA - ok 23:53:01.0937 2592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 23:53:02.0062 2592 wdmaud - ok 23:53:02.0078 2592 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 23:53:02.0218 2592 WebClient - ok 23:53:02.0281 2592 winmgmt (6f3f3973d97714cc5f906a19fe883729) 
C:\WINDOWS\system32\wbem\WMIsvc.dll 23:53:02.0437 2592 winmgmt - ok 23:53:02.0468 2592 WmdmPmSN (6e18978b749f0696a774de3f2cb142dd) C:\WINDOWS\system32\mspmsnsv.dll 23:53:02.0593 2592 WmdmPmSN - ok 23:53:02.0609 2592 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 23:53:02.0734 2592 WmiAcpi - ok 23:53:02.0765 2592 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 23:53:02.0906 2592 WmiApSrv - ok 23:53:03.0093 2592 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe 23:53:03.0156 2592 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning 23:53:03.0156 2592 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1) 23:53:03.0171 2592 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 23:53:03.0171 2592 WpdUsb ( UnsignedFile.Multi.Generic ) - warning 23:53:03.0171 2592 WpdUsb - detected UnsignedFile.Multi.Generic (1) 23:53:03.0390 2592 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 23:53:03.0453 2592 WPFFontCache_v0400 - ok 23:53:03.0500 2592 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 23:53:03.0640 2592 wscsvc - ok 23:53:03.0656 2592 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 23:53:03.0796 2592 wuauserv - ok 23:53:03.0828 2592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:53:03.0859 2592 WudfPf - ok 23:53:03.0890 2592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:53:03.0921 2592 WudfRd - ok 23:53:03.0937 2592 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 23:53:03.0984 2592 WudfSvc - ok 23:53:04.0062 2592 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 23:53:04.0218 2592 WZCSVC - ok 23:53:04.0281 2592 xmlprov (0ada34871a2e1cd2caafed1237a47750) 
C:\WINDOWS\System32\xmlprov.dll 23:53:04.0406 2592 xmlprov - ok 23:53:04.0421 2592 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 23:53:05.0140 2592 \Device\Harddisk0\DR0 - ok 23:53:05.0156 2592 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk6\DR16 23:53:05.0796 2592 \Device\Harddisk6\DR16 - ok 23:53:05.0812 2592 Boot (0x1200) (88a50d60ac3c15f926768047f144de3a) \Device\Harddisk0\DR0\Partition0 23:53:05.0812 2592 \Device\Harddisk0\DR0\Partition0 - ok 23:53:05.0812 2592 Boot (0x1200) (95c76a34d47ed73d32d18ed1885028e2) \Device\Harddisk0\DR0\Partition1 23:53:05.0812 2592 \Device\Harddisk0\DR0\Partition1 - ok 23:53:05.0843 2592 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition2 23:53:05.0843 2592 \Device\Harddisk0\DR0\Partition2 - ok 23:53:05.0843 2592 Boot (0x1200) (e3f1f6e395da23e455c3cd33cd89cd12) \Device\Harddisk6\DR16\Partition0 23:53:05.0843 2592 \Device\Harddisk6\DR16\Partition0 - ok 23:53:05.0843 2592 ============================================================ 23:53:05.0843 2592 Scan finished 23:53:05.0843 2592 ============================================================ 23:53:05.0953 3612 Detected object count: 4 23:53:05.0953 3612 Actual detected object count: 4 23:53:42.0593 3612 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user 23:53:42.0593 3612 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:53:42.0593 3612 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user 23:53:42.0593 3612 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:53:42.0593 3612 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user 23:53:42.0593 3612 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:53:42.0593 3612 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user 23:53:42.0593 3612 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:55:31.0375 3728 ============================================================ 
23:55:31.0375 3728 Scan started 23:55:31.0375 3728 Mode: Manual; SigCheck; TDLFS; 23:55:31.0375 3728 ============================================================ 23:55:31.0984 3728 Abiosdsk - ok 23:55:31.0984 3728 abp480n5 - ok 23:55:32.0046 3728 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:55:32.0187 3728 ACPI - ok 23:55:32.0203 3728 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 23:55:32.0296 3728 ACPIEC - ok 23:55:32.0375 3728 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:55:32.0390 3728 AdobeFlashPlayerUpdateSvc - ok 23:55:32.0390 3728 adpu160m - ok 23:55:32.0437 3728 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 23:55:32.0500 3728 aec - ok 23:55:32.0531 3728 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys 23:55:32.0625 3728 AFD - ok 23:55:32.0625 3728 Aha154x - ok 23:55:32.0625 3728 aic78u2 - ok 23:55:32.0625 3728 aic78xx - ok 23:55:32.0656 3728 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll 23:55:32.0750 3728 Alerter - ok 23:55:32.0765 3728 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe 23:55:32.0859 3728 ALG - ok 23:55:32.0859 3728 AliIde - ok 23:55:32.0859 3728 amsint - ok 23:55:32.0859 3728 AppMgmt - ok 23:55:32.0875 3728 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:55:32.0937 3728 Arp1394 - ok 23:55:32.0953 3728 asc - ok 23:55:32.0953 3728 asc3350p - ok 23:55:32.0953 3728 asc3550 - ok 23:55:33.0000 3728 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:55:33.0015 3728 aspnet_state - ok 23:55:33.0031 3728 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:55:33.0093 3728 AsyncMac - ok 23:55:33.0109 3728 atapi (9f3a2f5aa6875c72bf062c712cfa2674) 
C:\WINDOWS\system32\DRIVERS\atapi.sys 23:55:33.0187 3728 atapi - ok 23:55:33.0187 3728 Atdisk - ok 23:55:33.0203 3728 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:55:33.0281 3728 Atmarpc - ok 23:55:33.0296 3728 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll 23:55:33.0375 3728 AudioSrv - ok 23:55:33.0406 3728 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 23:55:33.0484 3728 audstub - ok 23:55:33.0500 3728 avmeject (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys 23:55:33.0515 3728 avmeject ( UnsignedFile.Multi.Generic ) - warning 23:55:33.0515 3728 avmeject - detected UnsignedFile.Multi.Generic (1) 23:55:33.0531 3728 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 23:55:33.0625 3728 Beep - ok 23:55:33.0718 3728 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll 23:55:33.0796 3728 BITS - ok 23:55:33.0812 3728 bizVSerial (66f655b08eed3230e059d197c8a1969b) C:\WINDOWS\system32\drivers\bizVSerialNT.sys 23:55:33.0828 3728 bizVSerial ( UnsignedFile.Multi.Generic ) - warning 23:55:33.0828 3728 bizVSerial - detected UnsignedFile.Multi.Generic (1) 23:55:33.0843 3728 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll 23:55:33.0921 3728 Browser - ok 23:55:33.0937 3728 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys 23:55:33.0968 3728 BrScnUsb - ok 23:55:33.0984 3728 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 23:55:34.0046 3728 cbidf2k - ok 23:55:34.0046 3728 cd20xrnt - ok 23:55:34.0093 3728 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 23:55:34.0171 3728 Cdaudio - ok 23:55:34.0203 3728 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 23:55:34.0281 3728 Cdfs - ok 23:55:34.0296 3728 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) 
C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:55:34.0359 3728 Cdrom - ok 23:55:34.0375 3728 Changer - ok 23:55:34.0375 3728 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe 23:55:34.0437 3728 CiSvc - ok 23:55:34.0515 3728 cjpcsc (ed81e81752ca817afa740c14ad05bc6c) C:\WINDOWS\system32\cjpcsc.exe 23:55:34.0531 3728 cjpcsc - ok 23:55:34.0562 3728 cjusb (b0dfc4adb1ff150ac466f3dad323196a) C:\WINDOWS\system32\DRIVERS\cjusb.sys 23:55:34.0562 3728 cjusb - ok 23:55:34.0562 3728 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe 23:55:34.0625 3728 ClipSrv - ok 23:55:34.0687 3728 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:55:34.0703 3728 clr_optimization_v2.0.50727_32 - ok 23:55:34.0734 3728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:55:34.0734 3728 clr_optimization_v4.0.30319_32 - ok 23:55:34.0734 3728 CmdIde - ok 23:55:34.0750 3728 COMSysApp - ok 23:55:34.0750 3728 Cpqarray - ok 23:55:34.0781 3728 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll 23:55:34.0859 3728 CryptSvc - ok 23:55:34.0875 3728 dac2w2k - ok 23:55:34.0890 3728 dac960nt - ok 23:55:34.0953 3728 DcomLaunch (e970c2296916bf4a2f958680016fe312) C:\WINDOWS\system32\rpcss.dll 23:55:35.0031 3728 DcomLaunch - ok 23:55:35.0062 3728 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll 23:55:35.0156 3728 Dhcp - ok 23:55:35.0171 3728 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 23:55:35.0234 3728 Disk - ok 23:55:35.0234 3728 dmadmin - ok 23:55:35.0328 3728 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 23:55:35.0406 3728 dmboot - ok 23:55:35.0453 3728 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 23:55:35.0531 3728 dmio - ok 23:55:35.0562 3728 dmload 
(e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 23:55:35.0656 3728 dmload - ok 23:55:35.0671 3728 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll 23:55:35.0750 3728 dmserver - ok 23:55:35.0765 3728 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 23:55:35.0843 3728 DMusic - ok 23:55:35.0843 3728 Dnscache (8c9ed3b2834aae63081ab2da831c6fe9) C:\WINDOWS\System32\dnsrslvr.dll 23:55:35.0906 3728 Dnscache - ok 23:55:35.0953 3728 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll 23:55:36.0031 3728 Dot3svc - ok 23:55:36.0031 3728 dpti2o - ok 23:55:36.0031 3728 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 23:55:36.0156 3728 drmkaud - ok 23:55:36.0171 3728 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll 23:55:36.0296 3728 EapHost - ok 23:55:36.0328 3728 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll 23:55:36.0453 3728 ERSvc - ok 23:55:36.0500 3728 Eventlog (4bb6a83640f1d1792ad21ce767b621c6) C:\WINDOWS\system32\services.exe 23:55:36.0640 3728 Eventlog - ok 23:55:36.0656 3728 EventSystem (0f3edaee1ef97cf3db2be23a7289b78c) C:\WINDOWS\system32\es.dll 23:55:36.0781 3728 EventSystem - ok 23:55:36.0828 3728 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 23:55:36.0968 3728 Fastfat - ok 23:55:37.0015 3728 FastUserSwitchingCompatibility (40602ebfbe06aa075c8e4560743f6883) C:\WINDOWS\System32\shsvcs.dll 23:55:37.0156 3728 FastUserSwitchingCompatibility - ok 23:55:37.0171 3728 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 23:55:37.0296 3728 Fdc - ok 23:55:37.0312 3728 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 23:55:37.0453 3728 Fips - ok 23:55:37.0468 3728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 23:55:37.0593 3728 Flpydisk - ok 23:55:37.0640 3728 
FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 23:55:37.0765 3728 FltMgr - ok 23:55:37.0859 3728 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:55:37.0859 3728 FontCache3.0.0.0 - ok 23:55:37.0875 3728 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:55:38.0031 3728 Fs_Rec - ok 23:55:38.0062 3728 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:55:38.0203 3728 Ftdisk - ok 23:55:38.0250 3728 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\WINDOWS\system32\DRIVERS\fwlanusb.sys 23:55:38.0265 3728 FWLANUSB - ok 23:55:38.0281 3728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:55:38.0421 3728 Gpc - ok 23:55:38.0437 3728 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:55:38.0578 3728 HDAudBus - ok 23:55:38.0578 3728 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:55:38.0703 3728 helpsvc - ok 23:55:38.0703 3728 HidServ - ok 23:55:38.0734 3728 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:55:38.0875 3728 HidUsb - ok 23:55:38.0890 3728 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll 23:55:39.0015 3728 hkmsvc - ok 23:55:39.0015 3728 hpn - ok 23:55:39.0078 3728 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys 23:55:39.0203 3728 HTTP - ok 23:55:39.0234 3728 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll 23:55:39.0375 3728 HTTPFilter - ok 23:55:39.0375 3728 i2omgmt - ok 23:55:39.0375 3728 i2omp - ok 23:55:39.0390 3728 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:55:39.0515 3728 i8042prt - ok 23:55:39.0656 3728 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication 
Foundation\infocard.exe 23:55:39.0718 3728 idsvc - ok 23:55:39.0750 3728 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 23:55:39.0859 3728 Imapi - ok 23:55:39.0906 3728 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe 23:55:40.0031 3728 ImapiService - ok 23:55:40.0031 3728 ini910u - ok 23:55:40.0609 3728 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 23:55:40.0812 3728 IntcAzAudAddService - ok 23:55:40.0937 3728 IntelIde - ok 23:55:40.0968 3728 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 23:55:41.0093 3728 Ip6Fw - ok 23:55:41.0125 3728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:55:41.0265 3728 IpFilterDriver - ok 23:55:41.0296 3728 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:55:41.0406 3728 IpInIp - ok 23:55:41.0453 3728 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:55:41.0578 3728 IpNat - ok 23:55:41.0593 3728 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:55:41.0718 3728 IPSec - ok 23:55:41.0734 3728 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 23:55:41.0859 3728 IRENUM - ok 23:55:41.0890 3728 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:55:42.0218 3728 isapnp - ok 23:55:42.0296 3728 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe 23:55:42.0312 3728 JavaQuickStarterService - ok 23:55:42.0312 3728 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:55:42.0453 3728 Kbdclass - ok 23:55:42.0484 3728 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 23:55:42.0625 3728 kmixer - ok 23:55:42.0625 3728 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 
23:55:42.0750 3728 KSecDD - ok 23:55:42.0781 3728 lanmanserver (d6eb4916b203cbe525f8eff5fd5ab16c) C:\WINDOWS\System32\srvsvc.dll 23:55:42.0906 3728 lanmanserver - ok 23:55:42.0953 3728 lanmanworkstation (c0db1e9367681ecd7ecca9615c1d0f9b) C:\WINDOWS\System32\wkssvc.dll 23:55:43.0078 3728 lanmanworkstation - ok 23:55:43.0078 3728 lbrtfdc - ok 23:55:43.0093 3728 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll 23:55:43.0218 3728 LmHosts - ok 23:55:43.0250 3728 mbamchameleon (6c1b3c47915a8bf6bd752c9d476b1ca5) C:\WINDOWS\system32\drivers\mbamchameleon.sys 23:55:43.0265 3728 mbamchameleon - ok 23:55:43.0281 3728 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll 23:55:43.0421 3728 Messenger - ok 23:55:43.0437 3728 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys Geändert von blubberubb (04.08.2012 um 22:57 Uhr) |
05.08.2012, 14:27 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pup Blabbers /xsecva etc. - what to do? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
05.08.2012, 21:51 | #24 |
| Pup Blabbers /xsecva etc. - what to do? Hi Arne, I'm searching myself silly... ComboFix tells me AntiVir is running (as does the Security Center). But there is nowhere I can switch it off... not in Autostart, not under Programs, no process in Task Manager... nothing. If it's running, it has to be somewhere. What should I do? |
06.08.2012, 13:36 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pup Blabbers /xsecva etc. - what to do? That is an old AntiVir bug! If it is deactivated, you can ignore this message
__________________ Please always post log files in CODE tags |
06.08.2012, 14:27 | #26 |
| Pup Blabbers /xsecva etc. - what to do? So, here comes the ComboFix log Code:
c:\dokumente und einstellungen\kids\Startmenü\Programme\Autostart\ OpenOffice.org 3.3.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Petra^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk] path=c:\dokumente und einstellungen\Petra\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 21:12 3872080 ----a-w- c:\programme\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 12:02 254696 ----a-w- c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 . 
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [27.02.2011 23:48 14949] R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [27.02.2011 23:48 514128] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [27.02.2011 22:44 265088] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [01.03.2011 08:25 39456] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.07.2012 13:47 250056] S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [27.02.2011 22:45 4352] S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [27.02.2011 23:48 28144] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [02.08.2012 23:58 35144] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [03.05.2012 09:29 113120] . Inhalt des "geplante Tasks" Ordners . 2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 09:08] . 2012-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uSearchAssistant = hxxp://www.google.com IE: Free YouTube Download - c:\dokumente und einstellungen\Petra\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Petra\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm Trusted Zone: chip.de\www TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Petra\Anwendungsdaten\Mozilla\Firefox\Profiles\v8mrq0fs.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-08-06 15:18 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\CLBCATQ.DLL . Zeit der Fertigstellung: 2012-08-06 15:20:30 ComboFix-quarantined-files.txt 2012-08-06 13:20 . Vor Suchlauf: 6 Verzeichnis(se), 245.131.640.832 Bytes frei Nach Suchlauf: 7 Verzeichnis(se), 245.488.398.336 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - CD554957FC1E19BCFF7681D1BBCF2364 |
06.08.2012, 20:17 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pup Blabbers /xsecva etc. - what to do? Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
Folder::
c:\windows\NV1060776.TMP
C:\0a647355c45c05c22a91d2
File::
c:\windows\003119_.tmp
c:\windows\SET47.tmp
c:\windows\SET3B.tmp
c:\windows\SET38.tmp
c:\windows\SETF2.tmp
c:\windows\SETE6.tmp
c:\windows\SETE3.tmp
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of adware and spyware programs and the TeaTimer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
06.08.2012, 21:30 | #28 |
| Pup Blabbers /xsecva etc. - what to do? So, I hope this is right; the file was too large |
07.08.2012, 20:55 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pup Blabbers /xsecva etc. - what to do? Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
07.08.2012, 23:23 | #30 |
| Pup Blabbers /xsecva etc. - what to do? So, GMER didn't work at all, so here are OSAM and aswMBR Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:36:09 on 07.08.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "cjtpl.cpl" - " REINER SCT" - C:\WINDOWS\system32\cjtpl.cpl "Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - ? 
- C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found) [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys "catchme" (catchme) - ? - C:\DOKUME~1\Petra\LOKALE~1\Temp\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "Franson VSerial" (bizVSerial) - "franson.biz" - C:\WINDOWS\System32\drivers\bizVSerialNT.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "kwtyyuog" (kwtyyuog) - ? - C:\DOKUME~1\Petra\LOKALE~1\Temp\kwtyyuog.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbamchameleon" (mbamchameleon) - ? - C:\WINDOWS\system32\drivers\mbamchameleon.sys (File found, but it contains no detailed information) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) "WpdUsb" (WpdUsb) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wpdusb.sys [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Internet Explorer Version Update" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - D:\Programme\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? 
- deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" 
- "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internetverknüpfung" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? 
- (File not found | COM-object registry key not found) {35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll {640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\Audiodev.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341378580046 -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? 
- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Petra\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" "BrMfcWnd" - "Brother Industries, Ltd." - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "ControlCenter3" - "Brother Industries, Ltd." - C:\Programme\Brother\ControlCenter3\brctrcen.exe /autorun "IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" "PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "FRITZ!fax Color Monitor" - ? - FritzVistaColorMon.dll (File not found) "FRITZ!fax Port Monitor" - ? - FritzVistaMon.dll (File not found) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Anwendungsverwaltung" (AppMgmt) - ? 
- C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "cyberJack PC/SC COM Service " (cjpcsc) - "REINER SCT" - C:\WINDOWS\system32\cjpcsc.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe "Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-08-07 23:50:33 ----------------------------- 23:50:33.640 OS Version: Windows 5.1.2600 Service Pack 3 23:50:33.640 Number of processors: 2 586 0x203 23:50:33.640 ComputerName: BRAUSEZWERG UserName: Petra 23:50:34.828 Initialize success 23:52:39.234 AVAST engine defs: 12080701 23:53:57.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 23:53:57.203 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 3 23:53:57.265 Disk 0 MBR read successfully 23:53:57.265 Disk 0 MBR scan 23:53:57.296 Disk 0 Windows XP default MBR code 23:53:57.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250003 MB offset 63 23:53:57.312 Disk 0 Partition - 00 0F Extended LBA 360466 MB offset 512007615 23:53:57.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 180001 MB offset 512007678 23:53:57.390 Disk 0 Partition - 00 05 Extended 180464 MB offset 880651170 23:53:57.453 Disk 0 Partition 3 00 0E FAT16 LBA 180464 MB offset 880651233 23:53:57.484 Disk 0 scanning sectors +1250242560 23:53:57.718 Disk 0 scanning C:\WINDOWS\system32\drivers 23:54:43.343 Service scanning 23:54:51.140 Modules scanning 23:55:50.125 Disk 0 trace - called modules: 23:55:50.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 23:55:50.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6dfab8] 23:55:50.187 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a6a4f18] 23:55:50.187 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8a688d98] 23:55:51.390 AVAST engine scan C:\WINDOWS 23:57:01.656 AVAST engine scan C:\WINDOWS\system32 00:08:58.546 AVAST engine scan C:\WINDOWS\system32\drivers 00:10:45.875 AVAST engine scan C:\Dokumente und Einstellungen\Petra 00:18:23.140 AVAST engine scan C:\Dokumente und Einstellungen\All Users 00:19:00.078 Scan finished successfully 00:20:44.171 Disk 0 MBR has been saved successfully to "C:\Dokumente 
und Einstellungen\Petra\Desktop\MBR.dat" 00:20:44.171 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Petra\Desktop\aswMBR.txt" |