Log analysis and evaluation: No idea which Trojan is on which PC - Telekom abuse team

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
Hello everyone,

I too have received a notice from Telekom about abusive use of my internet connection. Since five different computers in my family access the internet, I currently have no idea which PC(s) is (are) the cause. I will post the logs from each one in turn and hope you can help me with the identification.

Regards, Hans-Jürgen

Attached is the MBAM.LOG from the second candidate in question.

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.28.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hans-Jürgen :: ROSENLAP [Administrator]

28.10.2012 22:14:52
mbam-log-2012-10-28 (23-50-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355730
Laufzeit: 1 Stunde(n), 29 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71} (Trojan.WebMoner) -> Keine Aktion durchgeführt.
HKCR\java-exam-ebook.eProtocol (Trojan.WebMoner) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Programme\Tools\Viewer\ProjectViewer\VMStarter.exe (Trojan.Zbot) -> Keine Aktion durchgeführt.

(Ende)
| | #2 |
/// TB-Ausbilder

My name is Matthias and I will help you clean up your computer. Please note the following:

We only ever clean one computer per thread, because otherwise it becomes too confusing. However, I am happy to go through all five computers with you one after the other and clean them. Decide on a single computer with which you want to start the first cleanup; for now we will restrict ourselves to this one computer only! Carry out the following steps only on this first computer:

Step 1
Please download DDS (by sUBs) from one of the following download mirrors and save the file on your desktop.
dds.com dds.exe

Step 2
Please download defogger by jpshortstuff to your desktop.

Step 3
Please download aswMBR.exe and save the file on your desktop.

Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step 4
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Please download TDSSKiller.exe and save this file on the desktop.

Please post with your next reply
| | #3 |
Thanks in advance for helping me. I will get started right away later on.
Attach.txt is attached; here is the DDS.txt
Code:
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by Birgit at 12:27:33 on 2012-10-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.182 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Programme\Microsoft Security Client\MsMpEng.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\Programme\Soluto\SolutoService.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Globus Fotoservice\dd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Epson Software\Event Manager\EEventManager.exe
c:\programme\tools\cd_dvd\magicdisc\magicdisc.exe
C:\Programme\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\programme\soluto\soluto.exe /userinit
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\programme\epson software\easy photo print\EPTBL.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\programme\epson software\easy photo print\EPTBL.dll
EB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\programme\toshiba\toscdspd\toscdspd.exe
uRun: [EPSON SX525WD Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigae.exe /fu "c:\windows\temp\E_S7C.tmp" /EF "HKCU"
uRun: [Epson Stylus SX525WD(Netzwerk)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigae.exe /fu "c:\windows\temp\E_S3A.tmp" /EF "HKCU"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Device Detection] c:\programme\globus fotoservice\dd.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.15) Gecko/2009101601 Firefox/3.0.15 (.NET CLR 3.5.30729)" -"hxxp://www.diddl.de/appgen/index.php?cl=depesche&cp=onlinegames&SESSIONID=789386692225afbd13dada3a6cbdfb62&gamesymbol=ACROBAT&cmd=stog_c&gat=Diddls%20Schneemann-Spiel&gaf=schneemannspiel.dir&w=580&h=420&bgcol=FFEF02&SESSIONID=789386692225afbd13dada3a6cbdfb62"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Apoint] c:\programme\apoint2k\Apoint.exe
mRun: [HWSetup] c:\programme\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [TPNF] c:\programme\toshiba\touchpad\TPTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [Tvs] c:\programme\toshiba\tvs\TvsTray.exe
mRun: [IntelZeroConfig] "c:\programme\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\programme\gemeinsame dateien\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokumente und einstellungen\birgit\startmenü\programme\autostart\netconnect.cmd
StartupFolder: c:\dokume~1\birgit\startm~1\progra~1\autost~1\openof~1.lnk - c:\programme\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\birgit\anwendungsdaten\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{1C1DC016-1A03-4BC9-A87D-DC390ECD3555} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A161A9AF-F954-4436-A0B3-5FEE46B1BC9A} : NameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programme\gemeinsame dateien\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\birgit\anwendungsdaten\mozilla\firefox\profiles\vp2ygp3k.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\programme\bild\google\picasa3\npPicasa3.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\programme\quicktime alternative\plugins\npqtplugin8.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
FF - ExtSQL: !HIDDEN! 2009-10-17 12:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-8-28 51144]
R1 MpKsl157d066b;MpKsl157d066b;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{258609c5-f40b-4a89-8c63-73544e290473}\MpKsl157d066b.sys [2012-10-30 29904]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programme\gemeinsame dateien\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 SolutoService;Soluto PCGenome Core Service;c:\programme\soluto\SolutoService.exe [2012-8-28 598032]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-4-18 98816]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;c:\programme\epson\epsoncustomerresearchparticipation\EPCP.exe [2010-9-29 547968]
R3 NETwLx32; Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows XP 32-Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-5-20 6609920]
S2 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2012-7-13 160944]
S3 LcAgent;LC Remote Agent; [x]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-4-26 115168]
S3 PL2501NW;Hi-Speed USB-USB Network Adapter;c:\windows\system32\drivers\PL2501NW.sys [2009-2-14 11520]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2009-2-14 7936]
S4 ICQ Service;ICQ Service; [x]
.
=============== Created Last 30 ================
.
2012-10-30 10:56:55 29904 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{258609c5-f40b-4a89-8c63-73544e290473}\MpKsl157d066b.sys
2012-10-29 20:25:49 56200 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{258609c5-f40b-4a89-8c63-73544e290473}\offreg.dll
2012-10-29 20:23:45 6918632 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{258609c5-f40b-4a89-8c63-73544e290473}\mpengine.dll
2012-10-28 20:45:32 6918632 ------w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-27 11:02:59 917984 ----a-w- c:\programme\mozilla firefox\firefox.exe
2012-10-27 11:02:59 258528 ----a-w- c:\programme\mozilla firefox\freebl3.dll
2012-10-27 11:02:59 2560480 ----a-w- c:\programme\mozilla firefox\gkmedias.dll
2012-10-27 11:02:58 73696 ----a-w- c:\programme\mozilla firefox\breakpadinjector.dll
2012-10-27 11:02:58 5164704 ----a-w- c:\programme\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-10-27 11:02:58 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
2012-10-27 11:02:58 2106216 ----a-w- c:\programme\mozilla firefox\D3DCompiler_43.dll
2012-10-27 11:02:58 1998168 ----a-w- c:\programme\mozilla firefox\d3dx9_43.dll
2012-10-27 11:02:58 18912 ----a-w- c:\programme\mozilla firefox\AccessibleMarshal.dll
2012-10-27 11:02:58 116192 ----a-w- c:\programme\mozilla firefox\crashreporter.exe
2012-10-10 06:03:00 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-10-10 06:03:00 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05:48 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 13:32:58 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26:54 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26:54 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 12:29:36,51 ===============
Edited by Eytsch (30.10.2012 at 12:28)
| | #4 |
Here is the data from Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:40 on 30/10/2012 (Birgit)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
| | #5 |
/// TB-Ausbilder

Hi, the log files from aswMBR and TDSSKiller from this first computer are still missing.
| | #6 |
Sorry, I have to get a bit of work done in between. And downloading the scanner over WLAN was not exactly fast either.
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-30 12:43:05
-----------------------------
12:43:05.656 OS Version: Windows 5.1.2600 Service Pack 3
12:43:05.656 Number of processors: 2 586 0xE08
12:43:05.656 ComputerName: ROSENBIRGIT UserName: Birgit
12:43:08.937 Initialize success
12:58:49.187 AVAST engine defs: 12103000
13:04:47.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:04:47.312 Disk 0 Vendor: HTS541080G9SA00 MB4OC60R Size: 76319MB BusType: 3
13:04:47.328 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
13:04:47.328 Disk 1 Vendor: ( Size: 982MB BusType: 12
13:04:47.359 Disk 0 MBR read successfully
13:04:47.359 Disk 0 MBR scan
13:04:48.125 Disk 0 unknown MBR code
13:04:48.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
13:04:49.015 Disk 0 scanning sectors +156296385
13:04:49.656 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:26.109 Service scanning
13:05:48.359 Service MpKsl157d066b c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{258609C5-F40B-4A89-8C63-73544E290473}\MpKsl157d066b.sys **LOCKED** 32
13:06:12.203 Modules scanning
13:06:21.328 Disk 0 trace - called modules:
13:06:21.359 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:06:21.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ef6ab8]
13:06:21.359 3 CLASSPNP.SYS[f78acfd7] -> nt!IofCallDriver -> \Device\00000077[0x86f4f338]
13:06:21.359 5 ACPI.sys[f7802620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f74d98]
13:06:23.234 AVAST engine scan C:\WINDOWS
13:06:50.000 AVAST engine scan C:\WINDOWS\system32
13:12:58.015 AVAST engine scan C:\WINDOWS\system32\drivers
13:13:27.781 AVAST engine scan C:\Dokumente und Einstellungen\Birgit
13:35:40.265 AVAST engine scan C:\Dokumente und Einstellungen\All Users
13:39:42.796 Scan finished successfully
13:47:47.125 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Birgit\Desktop\MBR.dat"
13:47:47.328 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Birgit\Desktop\aswMBR.txt"
Code:
13:52:19.0843 4080 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
13:52:20.0125 4080 ============================================================
13:52:20.0125 4080 Current date / time: 2012/10/30 13:52:20.0125
13:52:20.0125 4080 SystemInfo:
13:52:20.0125 4080
13:52:20.0125 4080 OS Version: 5.1.2600 ServicePack: 3.0
13:52:20.0125 4080 Product type: Workstation
13:52:20.0125 4080 ComputerName: ROSENBIRGIT
13:52:20.0125 4080 UserName: Birgit
13:52:20.0125 4080 Windows directory: C:\WINDOWS
13:52:20.0125 4080 System windows directory: C:\WINDOWS
13:52:20.0125 4080 Processor architecture: Intel x86
13:52:20.0125 4080 Number of processors: 2
13:52:20.0125 4080 Page size: 0x1000
13:52:20.0125 4080 Boot type: Normal boot
13:52:20.0125 4080 ============================================================
13:52:22.0968 4080 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:52:22.0968 4080 ============================================================
13:52:22.0968 4080 \Device\Harddisk0\DR0:
13:52:22.0968 4080 MBR partitions:
13:52:22.0968 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
13:52:22.0968 4080 ============================================================
13:52:23.0015 4080 C: <-> \Device\Harddisk0\DR0\Partition1
13:52:23.0015 4080 ============================================================
13:52:23.0015 4080 Initialize success
13:52:23.0015 4080 ============================================================
13:52:38.0812 3288 ============================================================
13:52:38.0812 3288 Scan started
13:52:38.0812 3288 Mode: Manual;
13:52:38.0812 3288 ============================================================
13:52:39.0203 3288 ================ Scan system memory ========================
13:52:39.0203 3288 System memory - ok
13:52:39.0203 3288 ================ Scan services =============================
13:52:39.0421 3288 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Programme\Gemeinsame Dateien\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
13:52:39.0437 3288 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
13:52:39.0625 3288 Abiosdsk - ok
13:52:39.0625 3288 abp480n5 - ok
13:52:39.0671 3288 [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07 C:\WINDOWS\system32\drivers\ACEDRV07.sys
13:52:39.0687 3288 ACEDRV07 - ok
13:52:39.0734 3288 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:52:39.0750 3288 ACPI - ok
13:52:39.0750 3288 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:52:39.0750 3288 ACPIEC - ok
13:52:39.0765 3288 adpu160m - ok
13:52:39.0781 3288 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:52:39.0796 3288 aec - ok
13:52:39.0843 3288 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:52:39.0843 3288 AFD - ok
13:52:39.0937 3288 [ 4458FCB8A00DA31FDCC086449274C40D ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
13:52:39.0968 3288 AgereSoftModem - ok
13:52:39.0984 3288 Aha154x - ok
13:52:39.0984 3288 aic78u2 - ok
13:52:40.0000 3288 aic78xx - ok
13:52:40.0031 3288 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:52:40.0046 3288 Alerter - ok
13:52:40.0078 3288 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
13:52:40.0078 3288 ALG - ok
13:52:40.0078 3288 AliIde - ok
13:52:40.0093 3288 amsint - ok
13:52:40.0140 3288 [ 87EC3FDCAF6C5052E2E72B861DEDD3D3 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
13:52:40.0140 3288 ApfiltrService - ok
13:52:40.0218 3288 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:52:40.0218 3288 Apple Mobile Device - ok
13:52:40.0234 3288 AppMgmt - ok
13:52:40.0265 3288 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:52:40.0281 3288 Arp1394 - ok
13:52:40.0281 3288 asc - ok
13:52:40.0296 3288 asc3350p - ok
13:52:40.0296 3288 asc3550 - ok
13:52:40.0390 3288 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:52:40.0453 3288 aspnet_state - ok
13:52:40.0468 3288 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:52:40.0484 3288 AsyncMac - ok
13:52:40.0500 3288 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:52:40.0500 3288 atapi - ok
13:52:40.0515 3288 Atdisk - ok
13:52:40.0546 3288 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:52:40.0546 3288 Atmarpc - ok
13:52:40.0578 3288 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:52:40.0578 3288 AudioSrv - ok
13:52:40.0593 3288 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:52:40.0593 3288 audstub - ok
13:52:40.0609 3288 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:52:40.0625 3288 Beep - ok
13:52:40.0656 3288 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
13:52:40.0687 3288 BITS - ok
13:52:40.0765 3288 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
13:52:40.0765 3288 Bonjour Service - ok
13:52:40.0828 3288 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
13:52:40.0828 3288 Brother XP spl Service - ok
13:52:40.0859 3288 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
13:52:40.0875 3288 Browser - ok
13:52:40.0890 3288 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:52:40.0890 3288 cbidf2k - ok
13:52:40.0906 3288 cd20xrnt - ok
13:52:40.0921 3288 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:52:40.0921 3288 Cdaudio - ok
13:52:40.0953 3288 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:52:40.0953 3288 Cdfs - ok
13:52:40.0984 3288 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:52:40.0984 3288 Cdrom - ok
13:52:41.0062 3288 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
13:52:41.0062 3288 CFSvcs - ok
13:52:41.0062 3288 Changer - ok
13:52:41.0109 3288 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:52:41.0109 3288 CiSvc - ok
13:52:41.0125 3288 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:52:41.0125 3288 ClipSrv - ok
13:52:41.0171 3288 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:52:41.0250 3288 clr_optimization_v2.0.50727_32 - ok
13:52:41.0265 3288 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:52:41.0265 3288 CmBatt - ok
13:52:41.0281 3288 CmdIde - ok
13:52:41.0296 3288 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:52:41.0296 3288 Compbatt - ok
13:52:41.0296 3288 COMSysApp - ok
13:52:41.0312 3288 Cpqarray - ok
13:52:41.0375 3288 cpuz135 - ok
13:52:41.0421 3288 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:52:41.0421 3288 CryptSvc - ok
13:52:41.0437 3288 dac2w2k - ok
13:52:41.0437 3288 dac960nt - ok
13:52:41.0500 3288 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:52:41.0515 3288 DcomLaunch - ok
13:52:41.0562 3288 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:52:41.0562 3288 Dhcp - ok
13:52:41.0578 3288 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:52:41.0578 3288 Disk - ok
13:52:41.0578 3288 dmadmin - ok
13:52:41.0640 3288 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:52:41.0656 3288 dmboot - ok
13:52:41.0687 3288 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:52:41.0687 3288 dmio - ok
13:52:41.0718 3288 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:52:41.0718 3288 dmload - ok
13:52:41.0734 3288 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:52:41.0734 3288 dmserver - ok
13:52:41.0765 3288 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:52:41.0765 3288 DMusic - ok
13:52:41.0796 3288 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:52:41.0796 3288 Dnscache - ok
13:52:41.0843 3288 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:52:41.0843 3288 Dot3svc - ok
13:52:41.0843 3288 dpti2o - ok
13:52:41.0875 3288 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:52:41.0875 3288 drmkaud - ok
13:52:41.0921 3288 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:52:41.0921 3288 EapHost - ok
13:52:41.0953 3288 [ 01857B94BD3F8C99188862D026C925C0 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
13:52:41.0953 3288 EMSCR - ok
13:52:42.0031 3288 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
13:52:42.0046 3288 EpsonBidirectionalService - ok
13:52:42.0109 3288 [ A14644165086B9D9BEC1461F90A4423B ] EpsonCustomerResearchParticipation C:\Programme\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
13:52:42.0109 3288 EpsonCustomerResearchParticipation - ok
13:52:42.0156 3288 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:52:42.0156 3288 ERSvc - ok
13:52:42.0171 3288 [ 5983F3F91487C2A2A514C17245A0E25D ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
13:52:42.0171 3288 ESDCR - ok
13:52:42.0187 3288 [ 1C70A634FE223735CBC75E020B6013FD ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
13:52:42.0187 3288 ESMCR - ok
13:52:42.0218 3288 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
13:52:42.0234 3288 Eventlog - ok
13:52:42.0281 3288 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
13:52:42.0281 3288 EventSystem - ok
13:52:42.0406 3288 [ 8759748B9A5FA3C1257A22EFED056B83 ] EvtEng C:\Programme\Intel\WiFi\bin\EvtEng.exe
13:52:42.0421 3288 EvtEng - ok
13:52:42.0453 3288 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:52:42.0453 3288 Fastfat - ok
13:52:42.0500 3288 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:52:42.0500 3288 FastUserSwitchingCompatibility - ok
13:52:42.0531 3288 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:52:42.0531 3288 Fdc - ok
13:52:42.0562 3288 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:52:42.0562 3288 Fips - ok
13:52:42.0578 3288 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:52:42.0578 3288 Flpydisk - ok
13:52:42.0593 3288 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
13:52:42.0593 3288 FltMgr - ok
13:52:42.0656 3288 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:52:42.0656 3288 FontCache3.0.0.0 - ok
13:52:42.0687 3288 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:52:42.0687 3288 Fs_Rec - ok
13:52:42.0703 3288 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:52:42.0703 3288 Ftdisk - ok
13:52:42.0734 3288 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:52:42.0734 3288 GEARAspiWDM - ok
13:52:42.0781 3288 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:52:42.0781 3288 Gpc - ok
13:52:42.0890 3288 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
13:52:42.0890 3288 gusvc - ok
13:52:42.0921 3288 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:52:42.0921 3288 HDAudBus - ok
13:52:42.0968 3288 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:52:42.0968 3288 helpsvc - ok
13:52:42.0984 3288 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll
13:52:42.0984 3288 HidServ - ok
13:52:43.0015 3288 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:52:43.0015 3288 HidUsb - ok
13:52:43.0078 3288 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:52:43.0078 3288 hkmsvc - ok
13:52:43.0078 3288 hpn - ok
13:52:43.0125 3288 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:52:43.0125 3288 HTTP - ok
13:52:43.0171 3288 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:52:43.0171 3288 HTTPFilter - ok
13:52:43.0218 3288 [ 07853191B1BDEE5B39BE4CFCFE3B9AD4 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
13:52:43.0218 3288 hwdatacard - ok
13:52:43.0234 3288 i2omgmt - ok
13:52:43.0234 3288 i2omp - ok
13:52:43.0265 3288 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:52:43.0265 3288 i8042prt - ok
13:52:43.0375 3288 [ DA91F5385CFC8BA0F110F2FDE112B563 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:52:43.0406 3288 ialm - ok
13:52:43.0500 3288 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:52:43.0531 3288 idsvc - ok
13:52:43.0546 3288 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:52:43.0546 3288 Imapi - ok
13:52:43.0593 3288 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
13:52:43.0609 3288 ImapiService - ok
13:52:43.0609 3288 ini910u - ok
13:52:43.0812 3288 [ 71AE838A88B07268D732F596FC17CED5 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:52:43.0906 3288 IntcAzAudAddService - ok
13:52:43.0906 3288 IntelIde - ok
13:52:43.0953 3288 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:52:43.0953 3288 intelppm - ok
13:52:43.0984 3288 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
13:52:43.0984 3288 Ip6Fw - ok
13:52:44.0015 3288 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:52:44.0015 3288 IpFilterDriver - ok
13:52:44.0015 3288 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:52:44.0015 3288 IpInIp - ok
13:52:44.0046 3288 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:52:44.0062 3288 IpNat - ok
13:52:44.0125 3288 [ 9033D67B7112D23EDED6789BACDED128 ] iPod Service C:\Programme\iPod\bin\iPodService.exe
13:52:44.0140 3288 iPod Service - ok
13:52:44.0171 3288 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:52:44.0171 3288 IPSec - ok
13:52:44.0187 3288 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:52:44.0187 3288 IRENUM - ok
13:52:44.0218 3288 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:52:44.0218 3288 isapnp - ok
13:52:44.0234 3288 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
13:52:44.0234 3288 Iviaspi - ok
13:52:44.0421 3288 [ 77AC10DB097DFD0CD3071465B644D0AB ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
13:52:44.0437 3288 JavaQuickStarterService - ok
13:52:44.0453 3288 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:52:44.0453 3288 Kbdclass - ok
13:52:44.0484 3288 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:52:44.0484 3288 kbdhid - ok
13:52:44.0500 3288 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:52:44.0500 3288 kmixer - ok
13:52:44.0531 3288 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:52:44.0531 3288 KSecDD - ok
13:52:44.0562 3288 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
13:52:44.0578 3288 lanmanserver - ok
13:52:44.0609 3288 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:52:44.0625 3288 lanmanworkstation - ok
13:52:44.0625 3288 lbrtfdc - ok
13:52:44.0671 3288 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:52:44.0671 3288 LmHosts - ok
13:52:44.0718 3288 [ CF156A4797551F88FEA61567E052DCEC ] mcdbus C:\WINDOWS\system32\DRIVERS\mcdbus.sys
13:52:44.0718 3288 mcdbus - ok
13:52:44.0734 3288 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:52:44.0734 3288 Messenger - ok
13:52:44.0765 3288 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:52:44.0765 3288 mnmdd - ok
13:52:44.0796 3288 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:52:44.0812 3288 mnmsrvc - ok
13:52:44.0843 3288 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:52:44.0843 3288 Modem - ok
13:52:44.0859 3288 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:52:44.0859 3288 Mouclass - ok
13:52:44.0906 3288 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:52:44.0906 3288 mouhid - ok
13:52:44.0921 3288 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:52:44.0937 3288 MountMgr - ok
13:52:44.0984 3288 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:52:44.0984 3288 MozillaMaintenance - ok
13:52:45.0031 3288 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:52:45.0046 3288 MpFilter - ok
13:52:45.0171 3288 [ A69630D039C38018689190234F866D77 ] MpKsl157d066b c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{258609C5-F40B-4A89-8C63-73544E290473}\MpKsl157d066b.sys
13:52:45.0171 3288 MpKsl157d066b - ok
13:52:45.0171 3288 mraid35x - ok
13:52:45.0187 3288 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:52:45.0187 3288 MRxDAV - ok
13:52:45.0234 3288 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:52:45.0250 3288 MRxSmb - ok
13:52:45.0281 3288 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:52:45.0281 3288 MSDTC - ok
13:52:45.0296 3288 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:52:45.0296 3288 Msfs - ok
13:52:45.0296 3288 MSIServer - ok
13:52:45.0343 3288 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:52:45.0359 3288 MSKSSRV - ok
13:52:45.0437 3288 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe
13:52:45.0437 3288 MsMpSvc - ok
13:52:45.0640 3288 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:52:45.0640 3288 MSPCLOCK - ok
13:52:45.0656 3288 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:52:45.0656 3288 MSPQM - ok
13:52:45.0687 3288 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:52:45.0703 3288 mssmbios - ok
13:52:45.0718 3288 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:52:45.0718 3288 Mup - ok
13:52:45.0750 3288 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
13:52:45.0765 3288 napagent - ok
13:52:45.0796 3288 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:52:45.0812 3288 NDIS - ok
13:52:45.0859 3288 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:52:45.0859 3288 NdisTapi - ok
13:52:45.0859 3288 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:52:45.0875 3288 Ndisuio - ok
13:52:45.0875 3288 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:52:45.0875 3288 NdisWan - ok
13:52:45.0890 3288 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:52:45.0906 3288 NDProxy - ok
13:52:45.0906 3288 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:52:45.0906 3288 NetBIOS - ok
13:52:45.0921 3288 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:52:45.0937 3288 NetBT - ok
13:52:45.0968 3288 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
13:52:45.0968 3288 NetDDE - ok
13:52:45.0968 3288 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:52:45.0984 3288 NetDDEdsdm - ok
13:52:46.0000 3288 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
13:52:46.0000 3288 Netdevio - ok
13:52:46.0046 3288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:52:46.0046 3288 Netlogon - ok
13:52:46.0062 3288 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
13:52:46.0078 3288 Netman - ok
13:52:46.0109 3288 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:52:46.0109 3288 NetTcpPortSharing - ok
13:52:46.0218 3288 [ 88100EBDD10309FBD445EF8E42452EAE ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
13:52:46.0265 3288 NETw4x32 - ok
13:52:46.0593 3288 [ 72062B53186E4A3F5FCBC41EBB62B905 ] NETwLx32 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys
13:52:46.0843 3288 NETwLx32 - ok
13:52:46.0875 3288 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:52:46.0875 3288 NIC1394 - ok
13:52:46.0906 3288 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
13:52:46.0921 3288 Nla - ok
13:52:46.0937 3288 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:52:46.0937 3288 nm - ok
13:52:46.0968 3288 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:52:46.0968 3288 Npfs - ok
13:52:47.0000 3288 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:52:47.0015 3288 Ntfs - ok
13:52:47.0031 3288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:52:47.0046 3288 NtLmSsp - ok
13:52:47.0093 3288 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:52:47.0109 3288 NtmsSvc - ok
13:52:47.0140 3288 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:52:47.0140 3288 Null - ok
13:52:47.0171 3288 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:52:47.0171 3288 NwlnkFlt - ok
13:52:47.0187 3288 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:52:47.0187 3288 NwlnkFwd - ok
13:52:47.0187 3288 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:52:47.0187 3288 ohci1394 - ok
13:52:47.0218 3288 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
13:52:47.0218 3288 Parport - ok
13:52:47.0218 3288 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:52:47.0218 3288 PartMgr - ok
13:52:47.0234 3288 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:52:47.0234 3288 ParVdm - ok
13:52:47.0250 3288 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:52:47.0250 3288 PCI - ok
13:52:47.0250 3288 PCIDump - ok
13:52:47.0265 3288 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:52:47.0265 3288 PCIIde - ok
13:52:47.0265 3288 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
13:52:47.0281 3288 Pcmcia - ok
13:52:47.0281 3288 PDCOMP - ok
13:52:47.0281 3288 PDFRAME - ok
13:52:47.0296 3288 PDRELI - ok
13:52:47.0296 3288 PDRFRAME - ok
13:52:47.0312 3288 perc2 - ok
13:52:47.0312 3288 perc2hib - ok
13:52:47.0359 3288 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
13:52:47.0359 3288 Pfc - ok
13:52:47.0390 3288 [ A60E4B298B4AF1C7B052C1D5286406AE ] PL2501NW C:\WINDOWS\system32\DRIVERS\PL2501NW.sys
13:52:47.0390 3288 PL2501NW - ok
13:52:47.0390 3288 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
13:52:47.0406 3288 PlugPlay - ok
13:52:47.0421 3288 [ 46329BFF07991DC6675834DC84750BEC ] PLUsbbc2 C:\WINDOWS\system32\Drivers\usbbc2.sys
13:52:47.0421 3288 PLUsbbc2 - ok
13:52:47.0421 3288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:52:47.0437 3288 PolicyAgent - ok
13:52:47.0453 3288 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:52:47.0468 3288 PptpMiniport - ok
13:52:47.0468 3288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:52:47.0468 3288 ProtectedStorage - ok
13:52:47.0500 3288 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:52:47.0500 3288 PSched - ok
13:52:47.0500 3288 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:52:47.0500 3288 Ptilink - ok
13:52:47.0515 3288 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:52:47.0515 3288 PxHelp20 - ok
13:52:47.0515 3288 ql1080 - ok
13:52:47.0531 3288 Ql10wnt - ok
13:52:47.0531 3288 ql12160 - ok
13:52:47.0546 3288 ql1240 - ok
13:52:47.0546 3288 ql1280 - ok
13:52:47.0546 3288 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:52:47.0546 3288 RasAcd - ok
13:52:47.0593 3288 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:52:47.0609 3288 RasAuto - ok
13:52:47.0625 3288 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:52:47.0625 3288 Rasl2tp - ok
13:52:47.0671 3288 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:52:47.0671 3288 RasMan - ok
13:52:47.0687 3288 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:52:47.0687 3288 RasPppoe - ok
13:52:47.0687 3288 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:52:47.0687 3288 Raspti - ok
13:52:47.0703 3288 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:52:47.0718 3288 Rdbss - ok
13:52:47.0718 3288 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:52:47.0718 3288 RDPCDD - ok
13:52:47.0781 3288 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:52:47.0781 3288 RDPWD - ok
13:52:47.0812 3288 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:52:47.0812 3288 RDSessMgr - ok
13:52:47.0812 3288 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:52:47.0812 3288 redbook - ok
13:52:47.0921 3288 [ 3A4959BA4774A55199AC4AE7FFD71924 ] RegSrvc C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
13:52:47.0937 3288 RegSrvc - ok
13:52:47.0968 3288 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:52:47.0968 3288 RemoteAccess - ok
13:52:48.0015 3288 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
13:52:48.0015 3288 RpcLocator - ok
13:52:48.0046 3288 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:52:48.0046 3288 RpcSs - ok
13:52:48.0109 3288 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:52:48.0109 3288 RSVP - ok
13:52:48.0156 3288 [ 6BB86099E1B4F9994D4F733F0C9E4C22 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:52:48.0156 3288 RTL8023xp - ok
13:52:48.0156 3288 [ 6BB86099E1B4F9994D4F733F0C9E4C22 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:52:48.0156 3288 RTLE8023xp - ok
13:52:48.0234 3288 [ 1FD4A7B6087C98BC27344BD3973F2031 ] S24EventMonitor C:\Programme\Intel\WiFi\bin\S24EvMon.exe
13:52:48.0265 3288 S24EventMonitor - ok
13:52:48.0296 3288 [ 27FC71DA659305E260ACBDA15A318399 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
13:52:48.0296 3288 s24trans - ok
13:52:48.0343 3288 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
13:52:48.0343 3288 SamSs - ok
13:52:48.0390 3288 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:52:48.0390 3288 SCardSvr - ok
13:52:48.0437 3288 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:52:48.0453 3288 Schedule - ok
13:52:48.0484 3288 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
13:52:48.0484 3288 sdbus - ok
13:52:48.0515 3288 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:52:48.0515 3288 Secdrv - ok
13:52:48.0546 3288 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
13:52:48.0546 3288 seclogon - ok
13:52:48.0546 3288 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
13:52:48.0562 3288 SENS - ok
13:52:48.0593 3288 [ 2EC41A96D0DC98BD119BF325E0B9F392 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
13:52:48.0593 3288 Ser2pl - ok
13:52:48.0625 3288 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:52:48.0625 3288 Serenum - ok
13:52:48.0656 3288 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
13:52:48.0656 3288 Serial - ok
13:52:48.0671 3288 [ 0FA803C64DF0914B41F807EA276BF2A6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
13:52:48.0687 3288 sffdisk - ok
13:52:48.0687 3288 [ C17C331E435ED8737525C86A7557B3AC ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
13:52:48.0687 3288 sffp_sd - ok
13:52:48.0718 3288 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:52:48.0718 3288 Sfloppy - ok
13:52:48.0765 3288 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:52:48.0765 3288 SharedAccess - ok
13:52:48.0796 3288 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:52:48.0796 3288 ShellHWDetection - ok
13:52:48.0812 3288 Simbad - ok
13:52:48.0859 3288 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
13:52:48.0875 3288 SkypeUpdate - ok
13:52:48.0906 3288 [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto C:\WINDOWS\system32\DRIVERS\Soluto.sys
13:52:48.0906 3288 Soluto - ok
13:52:49.0000 3288 [ 3971E30B64AF2EF61F8F68E41586517B ] SolutoService C:\Programme\Soluto\SolutoService.exe
13:52:49.0015 3288 SolutoService - ok
13:52:49.0031 3288 Sparrow - ok
13:52:49.0046 3288 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:52:49.0046 3288 splitter - ok
13:52:49.0093 3288 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:52:49.0093 3288 Spooler - ok
13:52:49.0109 3288 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:52:49.0109 3288 sr - ok
13:52:49.0156 3288 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
13:52:49.0156 3288 srservice - ok
13:52:49.0203 3288 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:52:49.0203 3288 Srv - ok
13:52:49.0234 3288 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:52:49.0234 3288 SSDPSRV - ok
13:52:49.0312 3288 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:52:49.0312 3288 stisvc - ok
13:52:49.0359 3288 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:52:49.0359 3288 swenum - ok
13:52:49.0375 3288 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:52:49.0375 3288 swmidi - ok
13:52:49.0375 3288 SwPrv - ok
13:52:49.0390 3288 symc810 - ok
13:52:49.0390 3288 symc8xx - ok
13:52:49.0437 3288 SYMIDSCO - ok
13:52:49.0437 3288 sym_hi - ok
13:52:49.0453 3288 sym_u3 - ok
13:52:49.0468 3288 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:52:49.0484 3288 sysaudio - ok
13:52:49.0500 3288 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:52:49.0515 3288 SysmonLog - ok
13:52:49.0531 3288 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:52:49.0546 3288 TapiSrv - ok
13:52:49.0578 3288 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:52:49.0578 3288 Tcpip - ok
13:52:49.0625 3288 [ CC1D7BC6A3632C55EE6D8877E9B936F3 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
13:52:49.0625 3288 tdcmdpst - ok
13:52:49.0671 3288 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:52:49.0671 3288 TDPIPE - ok
13:52:49.0671 3288 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:52:49.0671 3288 TDTCP - ok
13:52:49.0703 3288 [ EAB2AB0EE3605F5588D2B55EC06F2990 ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
13:52:49.0718 3288 tdudf - ok
13:52:49.0718 3288 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:52:49.0718 3288 TermDD - ok
13:52:49.0750 3288 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
13:52:49.0765 3288 TermService - ok
13:52:49.0781 3288 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
13:52:49.0781 3288 Themes - ok
13:52:49.0828 3288 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
13:52:49.0828 3288 TODDSrv - ok
13:52:49.0843 3288 TosIde - ok
13:52:49.0843 3288 [ 0E1A5AF6E6305E6DC7A69B814F35EADD ] TPwSav C:\WINDOWS\system32\Drivers\TPwSav.sys
13:52:49.0843 3288 TPwSav - ok
13:52:49.0890 3288 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:52:49.0890 3288 TrkWks - ok
13:52:49.0906 3288 [ 96A2F44963346E3213E91E84038CD2CC ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
13:52:49.0906 3288 Tvs - ok
13:52:49.0921 3288 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:52:49.0921 3288 Udfs - ok
13:52:49.0921 3288 ultra - ok
13:52:49.0984 3288 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:52:49.0984 3288 Update - ok
13:52:50.0015 3288 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:52:50.0031 3288 upnphost - ok
13:52:50.0046 3288 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
13:52:50.0046 3288 UPS - ok
13:52:50.0078 3288 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:52:50.0078 3288 USBAAPL - ok
13:52:50.0109 3288 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:52:50.0125 3288 usbccgp - ok
13:52:50.0140 3288 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:52:50.0140 3288 usbehci - ok
13:52:50.0187 3288 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:52:50.0203 3288 usbhub - ok
13:52:50.0218 3288 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:52:50.0218 3288 usbprint - ok
13:52:50.0265 3288 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:52:50.0265 3288 usbscan - ok
13:52:50.0296 3288 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:52:50.0296 3288 USBSTOR - ok
13:52:50.0343 3288 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:52:50.0343 3288 usbuhci - ok
13:52:50.0359 3288 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:52:50.0359 3288 VgaSave - ok
13:52:50.0359 3288 ViaIde - ok
13:52:50.0375 3288 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:52:50.0375 3288 VolSnap - ok
13:52:50.0437 3288 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
13:52:50.0437 3288 VSS - ok
13:52:50.0468 3288 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
13:52:50.0484 3288 W32Time - ok
13:52:50.0562 3288 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
13:52:50.0609 3288 w39n51 - ok
13:52:50.0640 3288 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:52:50.0640 3288 Wanarp - ok
13:52:50.0656 3288 WDICA - ok
13:52:50.0671 3288 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:52:50.0687 3288 wdmaud - ok
13:52:50.0703 3288 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:52:50.0703 3288 WebClient - ok
13:52:50.0781 3288 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:52:50.0781 3288 winmgmt - ok
13:52:50.0828 3288 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:52:50.0828 3288 WmdmPmSN - ok
13:52:50.0875 3288 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:52:50.0875 3288 WmiApSrv - ok
13:52:50.0968 3288 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe
13:52:51.0000 3288 WMPNetworkSvc - ok
13:52:51.0046 3288 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:52:51.0046 3288 wscsvc - ok
13:52:51.0046 3288 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:52:51.0062 3288 wuauserv - ok
13:52:51.0078 3288 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:52:51.0093 3288 WudfPf - ok
13:52:51.0125 3288 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:52:51.0140 3288 WudfRd - ok
13:52:51.0156 3288 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:52:51.0171 3288 WudfSvc - ok
13:52:51.0218 3288 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:52:51.0234 3288 WZCSVC - ok
13:52:51.0265 3288 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:52:51.0265 3288 xmlprov - ok
13:52:51.0281 3288 ================ Scan global ===============================
13:52:51.0359 3288 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
13:52:51.0390 3288 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
13:52:51.0406 3288 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
13:52:51.0421 3288 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
13:52:51.0437 3288 [Global] - ok
13:52:51.0437 3288 ================ Scan MBR ==================================
13:52:51.0453 3288 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
13:52:51.0703 3288 \Device\Harddisk0\DR0 - ok
13:52:51.0703 3288 ================ Scan VBR ==================================
13:52:51.0718 3288 [ AC8B385EA7F9C6ADDD8BCB376A1C8B8E ] \Device\Harddisk0\DR0\Partition1
13:52:51.0718 3288 \Device\Harddisk0\DR0\Partition1 - ok
13:52:51.0718 3288 ============================================================
13:52:51.0718 3288 Scan finished
13:52:51.0718 3288 ============================================================
13:52:51.0734 0728 Detected object count: 0
13:52:51.0734 0728 Actual detected object count: 0
|
| | #7 |
| /// TB-Ausbilder | No idea which trojan is on which PC - Telekom abuse team Hi, please close DeFogger. We will run a few more control scans on the 1st computer:
Step 1
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck
With your next reply, please post
|
| | #8 |
| No idea which trojan is on which PC - Telekom abuse team Below is the MBAM.LOG first, since the laptop crashed during ESET. The cause here seems to me to be a heat fault on the board, though, since this also shows up sporadically during any image editing with extensive hard disk access. Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.30.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Birgit :: ROSENBIRGIT [Administrator]

30.10.2012 20:27:13
mbam-log-2012-10-30 (20-27-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 320186
Laufzeit: 10 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Since ESET has now crashed the computer for the second time, here is the log from Security Check as well. Code:
ATTFilter Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET Online Scanner v3
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Eusing Free Registry Cleaner
Java(TM) 6 Update 18
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
Mozilla Thunderbird (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log`````````````````````` |
| | #9 |
| /// TB-Ausbilder | No idea which trojan is on which PC - Telekom abuse team Hi, a few last steps for your 1st computer: If you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Step 2 Your version of Adobe Flash Player is outdated. Please follow these steps to update Adobe Flash:
Step 3 Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Add or Remove Programs / Uninstall a program --> Adobe Reader, and download the new version from here - Uncheck the box for McAfee SecurityScan or Google Chrome.
Step 4 Start DeFogger and click on Re-enable. Your computer may need to be restarted.
Step 5 I would recommend that you also check your system with this scanner once a week. If you still want to uninstall ESET, please press the + R key and copy the following text into the Run window. Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 6 Starte bitte OTL und klicke auf Bereinigung. Du wirst zu einem Neustart aufgefordert. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte ein verwendetes Programm nach dem Neustart noch verhanden sein, bitte mit Rechtsklick --> Löschen manuell entfernen. Schritt 7 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind für den 1. Rechner. Wenn du möchtest, können wir uns nun um den 2. Rechner kümmern. |
| | #10 |
| No idea which Trojan on which PC - Telekom abuse team
Thank you, that is a nice result. Let's now move on to computer 2, and thanks again for your help. [CODE] . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS Logfile: Code:
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 01.10.2005 10:43:21
System Uptime: 31.10.2012 07:39:48 (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) M processor 1.73GHz | mFCPGA | 1728/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 40,628 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394-Netzwerkadapter
Device ID: V1394\NIC1394\D128E2CD80DA0
Manufacturer: Microsoft
Name: 1394-Netzwerkadapter #3
PNP Device ID: V1394\NIC1394\D128E2CD80DA0
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V8
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider
Name: TAP-Win32 Adapter V8
PNP Device ID: ROOT\NET\0000
Service: tap0801
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
==== System Restore Points ===================
.
RP233: 13.08.2012 21:51:46 - Software Distribution Service 3.0
RP234: 15.08.2012 12:19:00 - Software Distribution Service 3.0
RP235: 16.08.2012 10:00:19 - Software Distribution Service 3.0
RP236: 16.08.2012 13:33:09 - Software Distribution Service 3.0
RP237: 20.08.2012 19:02:04 - Software Distribution Service 3.0
RP238: 20.08.2012 20:23:30 - DDBAC wird installiert
RP239: 21.08.2012 19:51:41 - Software Distribution Service 3.0
RP240: 24.08.2012 08:08:02 - Software Distribution Service 3.0
RP241: 25.08.2012 10:23:59 - Systemprüfpunkt
RP242: 26.08.2012 19:01:44 - Systemprüfpunkt
RP243: 27.08.2012 16:03:02 - Software Distribution Service 3.0
RP244: 27.08.2012 19:52:23 - Installation eines unsignierten Treibers
RP245: 29.08.2012 21:50:43 - Software Distribution Service 3.0
RP246: 31.08.2012 17:00:47 - Software Distribution Service 3.0
RP247: 10.09.2012 17:43:51 - Software Distribution Service 3.0
RP248: 12.09.2012 18:19:03 - Software Distribution Service 3.0
RP249: 12.09.2012 23:30:06 - Software Distribution Service 3.0
RP250: 16.09.2012 19:39:49 - Software Distribution Service 3.0
RP251: 16.09.2012 21:36:49 - Software Distribution Service 3.0
RP252: 24.09.2012 20:43:05 - Software Distribution Service 3.0
RP253: 24.09.2012 21:04:47 - Software Distribution Service 3.0
RP254: 25.09.2012 23:13:59 - Entfernt Ulead VideoStudio
RP255: 25.09.2012 23:15:02 - Removed USB2.0 Grabber
RP256: 25.09.2012 23:19:47 - Removed CAS Interface Studio 8.6.
RP257: 25.09.2012 23:26:16 - Removed Nokia Software Updater.
RP258: 26.09.2012 21:07:49 - Software Distribution Service 3.0
RP259: 28.09.2012 07:42:11 - Software Distribution Service 3.0
RP260: 03.10.2012 19:16:29 - Software Distribution Service 3.0
RP261: 03.10.2012 21:48:20 - Software Distribution Service 3.0
RP262: 04.10.2012 20:40:01 - Software Distribution Service 3.0
RP263: 08.10.2012 14:20:01 - Software Distribution Service 3.0
RP264: 10.10.2012 21:17:07 - Software Distribution Service 3.0
RP265: 10.10.2012 23:29:11 - Software Distribution Service 3.0
RP266: 11.10.2012 21:53:03 - Software Distribution Service 3.0
RP267: 13.10.2012 08:59:04 - Software Distribution Service 3.0
RP268: 16.10.2012 00:21:15 - Software Distribution Service 3.0
RP269: 17.10.2012 08:25:48 - Software Distribution Service 3.0
RP270: 22.10.2012 08:33:09 - Software Distribution Service 3.0
RP271: 28.10.2012 21:33:50 - Software Distribution Service 3.0
RP272: 30.10.2012 12:33:17 - Systemprüfpunkt
RP273: 31.10.2012 09:36:17 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.1.0 - Deutsch
AllDup 2.1.10
Android SDK Tools
Anti-Twin (Installation 25.12.2008)
Apple Software Update
Arena 1.1 / SOS 5.1 for Arena
ATI - Dienstprogramm zur Deinstallation der Software
ATI Control Panel
ATI Display Driver
Audio Video Suite 1.7
Audiograbber 1.83 SE
AVS Disc Creator version 3.5
AVS Registry Cleaner version 1.1
AVS System Info
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Cadifra UML Editor 1.3.1
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
ChangeFileName 2005
Cisco Systems VPN Client 4.6.00.0049
Citrix Online Plug-in - Web
Citrix Online Plug-in (DV)
Citrix Online Plug-in (HDX)
Citrix Online Plug-in (USB)
Citrix Online Plug-in (Web)
CK Escape 1.2
Compatibility Pack für 2007 Office System
Das Interaktive Kartenwerk. Deutschland
DDBAC
DeepBurner v1.7.1.213
Der Schreibtrainer 3.7
DF HEXEditor 1.1
FaJo XP File Security Extension v1.2
Fiddler2
FLV Player 1.3.3
FreeCommander 2009.02a
Garmin POI Loader
Garmin WebUpdater
Google Video Player
HBCI-Modul für Money 99 V2000
HBCI-Modul für Money 99 Version 2000 4.0.1.4
HDClone 4 Free Edition
Hi-Speed USB Bridge-Network Cable
Hotfix für Windows XP (KB2756822)
Hotfix für Windows XP (KB952287)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB971276-v3)
Hotfix for Windows XP (KB976002-v5)
HUAWEI DataCard Driver 3.10.02.00
InfoRapid KnowledgeMap
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi-Software
Interlok driver setup x32
InterVideo WinDVD for TOSHIBA
IrfanView (remove only)
ISO Recorder
J2SE Runtime Environment 5.0 Update 21
Java 2 SDK, SE v1.4.2_08
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6
KeePass Password Safe 1.15
LibreOffice 3.3
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes Anti-Malware Version 1.65.1.1000
MapSource
MapSource - Trip & Waypoint Manager v2
MaxDB
MetaFrame Presentation Server Webclient für Win32
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 99
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Visio Viewer 2007
Microsoft Outlook-Sicherung für Persönliche Ordner
Microsoft Outlook 2002
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobile Connection Manager
Mobile Partner
Mobile Partner Manager
Mozilla Firefox 15.0.1 (x86 de)
Mozilla Maintenance Service
Mozilla Thunderbird 15.0.1 (x86 de)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4.0 redistributable
MySQL Tools for 5.0
MySQL Workbench 5.0 OSS
Nokia Connectivity Cable Driver
Nokia PC Suite
OODIX_32
OpenVPN 2.0-gui-1.0
Palm Desktop
PantsOff 2.0
PC Connectivity Solution
PDF-XChange 3
PdfGrabber 5.0
PerformanceTest v7.0
Peter's XML Editor
Phase 5 HTML-Editor
phonostar-Player Version 2.01.4
PokerStars
Power DVD Player
Primo
QuickTime
RealPlayer
Remote Control USB Driver
Rheinland-Pfalz Saarland 2.0
Runtime
SAP GUI 7.10
SAPsetup System Update
Screenshot Captor 2.07.01
SD Secure Module
Search Settings 1.2
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2675157)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2699988)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2722913)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2744842)
Sicherheitsupdate für Windows XP (KB2724197)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Skype™ 5.10
SMA USB Bus Direct Driver
SMSC IrCC V5.1.3600.5
soapUI 3.0.1 3.0.1
Soluto
SoundMAX
SpeedFan (remove only)
SyncToy 2.1 (x86)
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
TOSHIBA Assist
TOSHIBA Benutzerhandbücher
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC-Diagnose-Tool
TOSHIBA Power Saver
TOSHIBA SD-Speicherkarten-Formatierung
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zoom-Dienstprogramm
Touch and Launch
Turbo Lister 2
Update für Windows XP (KB2661254-v2)
Update für Windows XP (KB2749655)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoLAN VLC media player 0.8.6d
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WEB.DE Club SmartFax
WEB.DE SmartDrive Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9-Reihe
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR Archivierer
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
.
==== End Of File ===========================
Code:
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by Hans-Jürgen at 9:37:27 on 2012-10-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.885 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Programme\Microsoft Security Client\MsMpEng.exe
C:\Programme\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DATA\xampplite\apache\bin\httpd.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\imapi.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Programme\Soluto\SolutoService.exe
C:\DATA\xampplite\apache\bin\httpd.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programme\DSL\O2\Mobile Connection Manager\ImpWiFiSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\DSL\O2N\Mobile Partner Manager\AssistantServices.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
C:\Programme\Firefox\firefox.exe
C:\Programme\Firefox\plugin-container.exe
c:\Programme\Microsoft Security Client\MpCmdRun.exe
c:\Programme\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.139.832.0.exe
C:\WINDOWS\system32\MpSigStub.exe
C:\Programme\Tools\freeCommander\FreeCommander.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uProxyServer = 10.218.10.254:8080
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\programme\soluto\soluto.exe /userinit,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Plugin Class: {56CD20F0-7C09-11D5-A768-0050042307CE} - c:\playerie\PlayerIE.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - <orphaned>
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [TOSCDSPD] c:\programme\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Nokia.PCSync] "c:\programme\nokia\nokia pc suite 7\PcSync2.exe" /NoDialog
uRun: [Skype] "c:\programme\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [TPSMain] TPSMain.exe
mRun: [SystemTray] c:\windows\system32\systray.exe
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\programme\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\programme\analog devices\soundmax\Smax4.exe /tray
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [THotkey] c:\programme\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [PadTouch] c:\programme\toshiba\touch and launch\PadExe.exe
mRun: [IntelZeroConfig] "c:\programme\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\programme\gemeinsame dateien\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\hans-j~1\startm~1\progra~1\autost~1\bginfo.lnk - c:\programme\tools\bginfo\Bginfo.exe
StartupFolder: c:\dokumente und einstellungen\hans-jürgen\startmenü\programme\autostart\del.bat
StartupFolder: c:\dokume~1\hans-j~1\startm~1\progra~1\autost~1\winmys~1.lnk - c:\xampplite\mysql\bin\winmysqladmin.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\programme\tools\netwerk\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxps://www3.webbaukasten.ui-portal.de/applet/SWHTTPUploaderProj.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{DEE1C0C0-9E59-4642-88E1-17E4283F7FB9} : NameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\programme\citrix\ica client\IcaMimeFilter.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\programme\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programme\gemeinsame dateien\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 193552]
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [2008-8-27 95752]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [2008-8-27 28680]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-9-10 51144]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 MpKsl452acedb;MpKsl452acedb;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a5e99b35-141d-4e2d-87d2-4a62312669a1}\MpKsl452acedb.sys [2012-10-30 29904]
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2010-12-7 21504]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [2010-7-8 26008]
R1 uiwbrdr;uiwbrdr;c:\windows\system32\drivers\uiwbrdr.SYS [2007-4-6 149120]
R2 Apache2.2;Apache2.2;c:\data\xampplite\apache\bin\httpd.exe [2010-1-6 29416]
R2 SolutoService;Soluto PCGenome Core Service;c:\programme\soluto\SolutoService.exe [2012-9-9 606224]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\programme\dsl\o2\mobile connection manager\ImpWiFiSvc.exe [2010-8-2 199600]
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;c:\windows\system32\drivers\avmdsloe.sys [2003-6-11 39552]
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmndsl.sys [2003-6-11 38992]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [2005-10-4 37568]
R3 cpuz135;cpuz135;\??\c:\tmp\cpuz135\cpuz135_x32.sys --> c:\tmp\cpuz135\cpuz135_x32.sys [?]
R3 UI Assistant Service;UI Assistant Service;c:\programme\dsl\o2n\mobile partner manager\AssistantServices.exe [2010-12-7 246272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 XServer;XServer; [x]
S3 FDLUBASE;AVM FRITZ!Card DSL SL USB (WinXP/2000);c:\windows\system32\drivers\fdlubase.sys [2003-6-11 659200]
S3 fpcmbase;AVM ISDN-Controller FRITZ!Card PCMCIA;c:\windows\system32\drivers\fpcmbase.sys [2005-10-4 441728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\vs\ad-awarel\ad-aware\AAWService.exe [2010-9-23 1375992]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\vs\ad-awarel\ad-aware\kernexplorer.sys [2010-9-23 15264]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-7 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 NETFWDSL;AVM FRITZ!web DSL PPP; [x]
S3 PL2501NW;Hi-Speed USB-USB Network Adapter;c:\windows\system32\drivers\PL2501NW.sys [2009-2-14 11520]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2009-2-14 7936]
S3 SAP DBTech-.M760018 (quick);SAP DBTech-.M760018 (quick); [x]
S3 SAP DBTech-.M760018 (slow);SAP DBTech-.M760018 (slow); [x]
S3 SAP DBTech-.M760018 (test);SAP DBTech-.M760018 (test); [x]
S3 SAP DBTech-.M760018;SAP DBTech-.M760018; [x]
S3 SkypeUpdate;Skype Updater;c:\programme\skype\updater\Updater.exe [2012-7-13 160944]
S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [2007-7-25 29292]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-6-24 23552]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SAPOsCol;SAPOsCol; [x]
.
=============== Created Last 30 ================
.
2012-10-31 08:36:24 6918632 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{923f99bd-0c81-44c7-b3f4-5c68ae0c4ea7}\mpengine.dll
2012-10-28 23:16:14 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Norton
2012-10-28 20:33:58 6918632 ------w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-10-22 06:13:42 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 06:13:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 19:28:06 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-30 20:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05:48 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:51 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26:57 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26:57 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-04-07 06:56:37 3135488 ----a-w- c:\programme\Gemeinsame DateienDDBACSetup.msi
2008-10-08 10:18:36 626688 ----a-w- c:\programme\gemeinsame dateien\sapconsaccess.dll
2008-10-08 10:18:36 40960 ----a-w- c:\programme\gemeinsame dateien\DigitalSignature.ocx
2008-10-08 10:18:36 3125248 ----a-w- c:\programme\gemeinsame dateien\sapxlhelper.dll
2008-10-08 10:18:36 192512 ----a-w- c:\programme\gemeinsame dateien\sapconsr3.dll
.
============= FINISH: 9:39:35,15 ===============
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:44 on 31/10/2012 (Hans-Jürgen)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-31 09:46:02
-----------------------------
09:46:02.018 OS Version: Windows 5.1.2600 Service Pack 3
09:46:02.018 Number of processors: 1 586 0xD08
09:46:02.018 ComputerName: ROSENLAP UserName:
09:46:03.139 Initialize success
09:49:32.060 AVAST engine defs: 12103100
09:53:24.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:53:24.794 Disk 0 Vendor: HTS541080G9SA00 MB4OC60D Size: 76319MB BusType: 3
09:53:24.824 Disk 0 MBR read successfully
09:53:24.824 Disk 0 MBR scan
09:53:24.864 Disk 0 Windows XP default MBR code
09:53:24.864 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76112 MB offset 63
09:53:24.894 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 203 MB offset 155878695
09:53:24.924 Disk 0 scanning sectors +156296385
09:53:25.025 Disk 0 scanning C:\WINDOWS\system32\drivers
09:53:50.271 Service scanning
09:54:05.763 Service MpKslf9cb2102 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{923F99BD-0C81-44C7-B3F4-5C68AE0C4EA7}\MpKslf9cb2102.sys **LOCKED** 32
09:54:25.321 Modules scanning
09:54:45.771 Disk 0 trace - called modules:
09:54:45.791 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:54:45.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a79fab8]
09:54:45.791 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000092[0x8a779230]
09:54:45.791 5 ACPI.sys[f7579620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7c6940]
09:54:46.241 AVAST engine scan C:\WINDOWS
09:54:59.831 AVAST engine scan C:\WINDOWS\system32
10:00:38.488 AVAST engine scan C:\WINDOWS\system32\drivers
10:01:12.206 AVAST engine scan C:\Dokumente und Einstellungen\Hans-Jürgen
10:05:27.353 AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:07:51.500 Scan finished successfully
11:09:28.547 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hans-Jürgen\Desktop\MBR.dat"
11:09:28.557 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hans-Jürgen\Desktop\aswMBR.txt"
Code:
00:53:09.0036 5464 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
00:53:09.0486 5464 ============================================================
00:53:09.0486 5464 Current date / time: 2012/11/01 00:53:09.0486
00:53:09.0486 5464 SystemInfo:
00:53:09.0486 5464
00:53:09.0486 5464 OS Version: 5.1.2600 ServicePack: 3.0
00:53:09.0486 5464 Product type: Workstation
00:53:09.0486 5464 ComputerName: ROSENLAP
00:53:09.0486 5464 UserName: Hans-Jürgen
00:53:09.0486 5464 Windows directory: C:\WINDOWS
00:53:09.0486 5464 System windows directory: C:\WINDOWS
00:53:09.0486 5464 Processor architecture: Intel x86
00:53:09.0486 5464 Number of processors: 1
00:53:09.0486 5464 Page size: 0x1000
00:53:09.0486 5464 Boot type: Normal boot
00:53:09.0486 5464 ============================================================
00:53:11.0619 5464 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:53:11.0629 5464 ============================================================
00:53:11.0629 5464 \Device\Harddisk0\DR0:
00:53:11.0629 5464 MBR partitions:
00:53:11.0629 5464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94A84E8
00:53:11.0629 5464 ============================================================
00:53:11.0689 5464 C: <-> \Device\Harddisk0\DR0\Partition1
00:53:11.0689 5464 ============================================================
00:53:11.0689 5464 Initialize success
00:53:11.0689 5464 ============================================================
00:53:26.0941 4220 ============================================================
00:53:26.0941 4220 Scan started
00:53:26.0941 4220 Mode: Manual;
00:53:26.0941 4220 ============================================================
00:53:27.0312 4220 ================ Scan system memory ========================
00:53:27.0312 4220 System memory - ok
00:53:27.0312 4220 ================ Scan services =============================
00:53:27.0422 4220 Abiosdsk - ok
00:53:27.0422 4220 abp480n5 - ok
00:53:27.0462 4220 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:53:27.0462 4220 ACPI - ok
00:53:27.0492 4220 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:53:27.0492 4220 ACPIEC - ok
00:53:27.0502 4220 adpu160m - ok
00:53:27.0542 4220 [ F13D8E7E1FAA31019C25EB17B5FB2662 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
00:53:27.0542 4220 aeaudio - ok
00:53:27.0562 4220 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:53:27.0572 4220 aec - ok
00:53:27.0592 4220 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:53:27.0602 4220 AFD - ok
00:53:27.0652 4220 [ 029E01CB2938BEC5AF31BF47B6AF0159 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
00:53:27.0682 4220 AgereSoftModem - ok
00:53:27.0682 4220 Aha154x - ok
00:53:27.0692 4220 aic78u2 - ok
00:53:27.0702 4220 aic78xx - ok
00:53:27.0752 4220 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:53:27.0752 4220 Alerter - ok
00:53:27.0762 4220 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
00:53:27.0762 4220 ALG - ok
00:53:27.0773 4220 AliIde - ok
00:53:27.0783 4220 amsint - ok
00:53:27.0893 4220 [ FB32F046A2578755FA0DA5052C6A9CD3 ] Apache2.2 C:\DATA\xampplite\apache\bin\httpd.exe
00:53:27.0903 4220 Apache2.2 - ok
00:53:27.0943 4220 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:53:27.0943 4220 AppMgmt - ok
00:53:27.0983 4220 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:53:27.0983 4220 Arp1394 - ok
00:53:27.0993 4220 asc - ok
00:53:28.0003 4220 asc3350p - ok
00:53:28.0013 4220 asc3550 - ok
00:53:28.0053 4220 [ 54AB078660E536DA72B21A27F56B035B ] ASPI32 C:\WINDOWS\system32\drivers\aspi32.sys
00:53:28.0053 4220 ASPI32 - ok
00:53:28.0123 4220 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
00:53:28.0123 4220 aspnet_state - ok
00:53:28.0153 4220 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:53:28.0153 4220 AsyncMac - ok
00:53:28.0183 4220 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:53:28.0183 4220 atapi - ok
00:53:28.0183 4220 Atdisk - ok
00:53:28.0263 4220 [ 2C450E1E3442F3B776B301A67E8C47F0 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
00:53:28.0263 4220 Ati HotKey Poller - ok
00:53:28.0343 4220 [ B8142104502F794689C1C0BCBFB53B98 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:53:28.0373 4220 ati2mtag - ok
00:53:28.0403 4220 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:53:28.0403 4220 Atmarpc - ok
00:53:28.0443 4220 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:53:28.0443 4220 AudioSrv - ok
00:53:28.0474 4220 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:53:28.0474 4220 audstub - ok
00:53:28.0504 4220 [ AA5874F64D6F2FFAFA8C5FBC202CE6EF ] AVMDSLPPPOE C:\WINDOWS\system32\DRIVERS\avmdsloe.sys
00:53:28.0504 4220 AVMDSLPPPOE - ok
00:53:28.0514 4220 [ 140BA5BF4666C27C15368CCE9DF54A93 ] AVMNDSL C:\WINDOWS\system32\DRIVERS\avmndsl.sys
00:53:28.0514 4220 AVMNDSL - ok
00:53:28.0554 4220 [ C997AF59C54D69232FB7BBEA4DAD86E2 ] AVMWAN C:\WINDOWS\system32\DRIVERS\avmwan.sys
00:53:28.0554 4220 AVMWAN - ok
00:53:28.0584 4220 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:53:28.0584 4220 Beep - ok
00:53:28.0624 4220 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
00:53:28.0634 4220 BITS - ok
00:53:28.0664 4220 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
00:53:28.0664 4220 Brother XP spl Service - ok
00:53:28.0704 4220 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
00:53:28.0704 4220 Browser - ok
00:53:28.0734 4220 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:53:28.0734 4220 cbidf2k - ok
00:53:28.0774 4220 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:53:28.0774 4220 CCDECODE - ok
00:53:28.0784 4220 cd20xrnt - ok
00:53:28.0814 4220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:53:28.0814 4220 Cdaudio - ok
00:53:28.0844 4220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:53:28.0844 4220 Cdfs - ok
00:53:28.0884 4220 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:53:28.0884 4220 Cdrom - ok
00:53:28.0974 4220 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
00:53:28.0974 4220 CFSvcs - ok
00:53:28.0984 4220 Changer - ok
00:53:29.0024 4220 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:53:29.0024 4220 CiSvc - ok
00:53:29.0034 4220 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:53:29.0044 4220 ClipSrv - ok
00:53:29.0074 4220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:53:29.0074 4220 clr_optimization_v2.0.50727_32 - ok
00:53:29.0134 4220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:53:29.0175 4220 clr_optimization_v4.0.30319_32 - ok
00:53:29.0185 4220 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:53:29.0185 4220 CmBatt - ok
00:53:29.0195 4220 CmdIde - ok
00:53:29.0225 4220 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:53:29.0225 4220 Compbatt - ok
00:53:29.0225 4220 COMSysApp - ok
00:53:29.0245 4220 Cpqarray - ok
00:53:29.0315 4220 cpuz135 - ok
00:53:29.0355 4220 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
00:53:29.0355 4220 CryptSvc - ok
00:53:29.0405 4220 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
00:53:29.0415 4220 ctxusbm - ok
00:53:29.0435 4220 [ CB7D7C0E74ADCB7DA96D08EC8DB86062 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
00:53:29.0445 4220 CVirtA - ok
00:53:29.0545 4220 [ 2FE4DBE1DA7CD0DA86F77C554934BC22 ] CVPND C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
00:53:29.0575 4220 CVPND - ok
00:53:29.0615 4220 [ CED30BC5A19EF02099C9A92F1D148272 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
00:53:29.0625 4220 CVPNDRVA - ok
00:53:29.0635 4220 dac2w2k - ok
00:53:29.0635 4220 dac960nt - ok
00:53:29.0675 4220 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
00:53:29.0685 4220 DcomLaunch - ok
00:53:29.0735 4220 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
00:53:29.0735 4220 Dhcp - ok
00:53:29.0765 4220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
00:53:29.0765 4220 Disk - ok
00:53:29.0775 4220 dmadmin - ok
00:53:29.0825 4220 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
00:53:29.0845 4220 dmboot - ok
00:53:29.0876 4220 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
00:53:29.0876 4220 dmio - ok
00:53:29.0916 4220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
00:53:29.0916 4220 dmload - ok
00:53:29.0966 4220 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
00:53:29.0966 4220 dmserver - ok
00:53:29.0986 4220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
00:53:29.0986 4220 DMusic - ok
00:53:30.0016 4220 [ C86FBF607445BF693450D84B775F168C ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
00:53:30.0016 4220 DNE - ok
00:53:30.0056 4220 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
00:53:30.0066 4220 Dnscache - ok
00:53:30.0116 4220 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
00:53:30.0116 4220 Dot3svc - ok
00:53:30.0126 4220 dpti2o - ok
00:53:30.0136 4220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
00:53:30.0146 4220 drmkaud - ok
00:53:30.0176 4220 [ 73623D89FAEF4D1AA600EDEE8B490BC5 ] drvmcdb C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
00:53:30.0186 4220 drvmcdb - ok
00:53:30.0196 4220 [ 2AEEE1600D0F14BA535F90A1F4411B54 ] drvnddm C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
00:53:30.0196 4220 drvnddm - ok
00:53:30.0226 4220 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
00:53:30.0226 4220 EapHost - ok
00:53:30.0276 4220 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
00:53:30.0276 4220 ERSvc - ok
00:53:30.0356 4220 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
00:53:30.0356 4220 Eventlog - ok
00:53:30.0396 4220 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
00:53:30.0406 4220 EventSystem - ok
00:53:30.0516 4220 [ C37B83B51CDF10E5BB6F78A7E4FED11A ] EvtEng C:\Programme\Intel\WiFi\bin\EvtEng.exe
00:53:30.0536 4220 EvtEng - ok
00:53:30.0567 4220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
00:53:30.0577 4220 Fastfat - ok
00:53:30.0607 4220 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
00:53:30.0607 4220 FastUserSwitchingCompatibility - ok
00:53:30.0667 4220 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe
00:53:30.0667 4220 Fax - ok
00:53:30.0697 4220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
00:53:30.0697 4220 Fdc - ok
00:53:30.0737 4220 [ B4EFD65E8958487241ED8C3840AD7C16 ] FDLUBASE C:\WINDOWS\system32\DRIVERS\fdlubase.sys
00:53:30.0747 4220 FDLUBASE - ok
00:53:30.0767 4220 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
00:53:30.0767 4220 Fips - ok
00:53:30.0777 4220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
00:53:30.0777 4220 Flpydisk - ok
00:53:30.0817 4220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
00:53:30.0817 4220 FltMgr - ok
00:53:30.0887 4220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
00:53:30.0887 4220 FontCache3.0.0.0 - ok
00:53:30.0937 4220 [ A28343D9EAD5556F0456B3F527B3B272 ] fpcmbase C:\WINDOWS\system32\DRIVERS\fpcmbase.sys
00:53:30.0947 4220 fpcmbase - ok
00:53:30.0977 4220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:53:30.0977 4220 Fs_Rec - ok
00:53:30.0997 4220 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:53:30.0997 4220 Ftdisk - ok
00:53:31.0037 4220 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:53:31.0037 4220 GEARAspiWDM - ok
00:53:31.0087 4220 [ 78494AE0F93358179B97571B9E76997C ] getPlus(R) Helper C:\Programme\NOS\bin\getPlus_HelperSvc.exe
00:53:31.0087 4220 getPlus(R) Helper - ok
00:53:31.0127 4220 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
00:53:31.0127 4220 giveio - ok
00:53:31.0167 4220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:53:31.0167 4220 Gpc - ok
00:53:31.0227 4220 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
00:53:31.0227 4220 grmnusb - ok
00:53:31.0248 4220 [ 7EC972B420512AAE9400771EFF72FEA7 ] hcmon C:\WINDOWS\system32\Drivers\hcmon.sys
00:53:31.0248 4220 hcmon - ok
00:53:31.0438 4220 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
00:53:31.0438 4220 helpsvc - ok
00:53:31.0448 4220 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:53:31.0448 4220 HidUsb - ok
00:53:31.0508 4220 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
00:53:31.0508 4220 hkmsvc - ok
00:53:31.0518 4220 hpn - ok
00:53:31.0558 4220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
00:53:31.0558 4220 HTTP - ok
00:53:31.0608 4220 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
00:53:31.0608 4220 HTTPFilter - ok
00:53:31.0638 4220 [ 93E5D34D95FF9011BEED886E3627F442 ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
00:53:31.0648 4220 hwdatacard - ok
00:53:31.0658 4220 i2omgmt - ok
00:53:31.0668 4220 i2omp - ok
00:53:31.0678 4220 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:53:31.0678 4220 i8042prt - ok
00:53:31.0758 4220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:53:31.0768 4220 idsvc - ok
00:53:31.0798 4220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
00:53:31.0808 4220 Imapi - ok
00:53:31.0838 4220 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
00:53:31.0838 4220 ImapiService - ok
00:53:31.0848 4220 ini910u - ok
00:53:31.0878 4220 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
00:53:31.0878 4220 IntelIde - ok
00:53:31.0928 4220 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:53:31.0928 4220 intelppm - ok
00:53:31.0949 4220 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
00:53:31.0949 4220 Ip6Fw - ok
00:53:31.0979 4220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:53:31.0979 4220 IpFilterDriver - ok
00:53:31.0999 4220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:53:31.0999 4220 IpInIp - ok
00:53:32.0019 4220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:53:32.0029 4220 IpNat - ok
00:53:32.0049 4220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:53:32.0049 4220 IPSec - ok
00:53:32.0069 4220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
00:53:32.0069 4220 IRENUM - ok
00:53:32.0099 4220 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:53:32.0099 4220 isapnp - ok
00:53:32.0179 4220 [ 77AC10DB097DFD0CD3071465B644D0AB ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
00:53:32.0179 4220 JavaQuickStarterService - ok
00:53:32.0199 4220 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:53:32.0199 4220 Kbdclass - ok
00:53:32.0219 4220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
00:53:32.0219 4220 kmixer - ok
00:53:32.0239 4220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
00:53:32.0239 4220 KSecDD - ok
00:53:32.0269 4220 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
00:53:32.0279 4220 lanmanserver - ok
00:53:32.0329 4220 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
00:53:32.0329 4220 lanmanworkstation - ok
00:53:32.0599 4220 [ 445C9F99CE692AC3D5C2E95E96AB964B ] Lavasoft Ad-Aware Service C:\Programme\VS\Ad-Awarel\Ad-Aware\AAWService.exe
00:53:32.0629 4220 Lavasoft Ad-Aware Service - ok
00:53:32.0650 4220 [ 0BD6D3F477DF86420DE942A741DABE37 ] Lavasoft Kernexplorer C:\Programme\VS\Ad-Awarel\Ad-Aware\KernExplorer.sys
00:53:32.0650 4220 Lavasoft Kernexplorer - ok
00:53:32.0650 4220 lbrtfdc - ok
00:53:32.0690 4220 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
00:53:32.0690 4220 LmHosts - ok
00:53:32.0720 4220 [ 09721F2C56681A83C93ECDFAB8B102A9 ] massfilter C:\WINDOWS\system32\drivers\massfilter.sys
00:53:32.0720 4220 massfilter - ok
00:53:32.0730 4220 MaxBackServiceInt - ok
00:53:32.0730 4220 mcdbus - ok
00:53:32.0820 4220 [ D0E4346A9623293F7B2E704CF33EFB1B ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
00:53:32.0830 4220 MDM - ok
00:53:32.0850 4220 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
00:53:32.0850 4220 Messenger - ok
00:53:32.0870 4220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
00:53:32.0880 4220 mnmdd - ok
00:53:32.0900 4220 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
00:53:32.0910 4220 mnmsrvc - ok
00:53:32.0940 4220 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
00:53:32.0940 4220 Modem - ok
00:53:32.0960 4220 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:53:32.0960 4220 Mouclass - ok
00:53:33.0010 4220 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:53:33.0010 4220 mouhid - ok
00:53:33.0040 4220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
00:53:33.0040 4220 MountMgr - ok
00:53:33.0090 4220 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
00:53:33.0100 4220 MozillaMaintenance - ok
00:53:33.0120 4220 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
00:53:33.0120 4220 MpFilter - ok
00:53:33.0280 4220 [ A69630D039C38018689190234F866D77 ] MpKslf9cb2102 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{923F99BD-0C81-44C7-B3F4-5C68AE0C4EA7}\MpKslf9cb2102.sys
00:53:33.0290 4220 MpKslf9cb2102 - ok
00:53:33.0290 4220 mraid35x - ok
00:53:33.0331 4220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:53:33.0341 4220 MRxDAV - ok
00:53:33.0461 4220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:53:33.0471 4220 MRxSmb - ok
00:53:33.0541 4220 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
00:53:33.0541 4220 MSDTC - ok
00:53:33.0561 4220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
00:53:33.0561 4220 Msfs - ok
00:53:33.0571 4220 MSIServer - ok
00:53:33.0601 4220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:53:33.0601 4220 MSKSSRV - ok
00:53:33.0651 4220 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe
00:53:33.0651 4220 MsMpSvc - ok
00:53:33.0661 4220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:53:33.0661 4220 MSPCLOCK - ok
00:53:33.0681 4220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
00:53:33.0681 4220 MSPQM - ok
00:53:33.0691 4220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:53:33.0691 4220 mssmbios - ok
00:53:33.0731 4220 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
00:53:33.0731 4220 MSTEE - ok
00:53:33.0781 4220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
00:53:33.0781 4220 Mup - ok
00:53:33.0821 4220 [ C29F284FF7AB4ED38CE419A9424E52A2 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys
00:53:33.0831 4220 MXOPSWD - ok
00:53:33.0831 4220 MySql - ok
00:53:33.0851 4220 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:53:33.0861 4220 NABTSFEC - ok
00:53:33.0911 4220 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
00:53:33.0921 4220 napagent - ok
00:53:33.0951 4220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
00:53:33.0951 4220 NDIS - ok
00:53:33.0981 4220 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:53:33.0981 4220 NdisIP - ok
00:53:34.0021 4220 [ E94265636D893314463CB650E43C3EB5 ] Ndisprot C:\WINDOWS\system32\DRIVERS\ndisprot.sys
00:53:34.0021 4220 Ndisprot - ok
00:53:34.0062 4220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:53:34.0062 4220 NdisTapi - ok
00:53:34.0082 4220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:53:34.0082 4220 Ndisuio - ok
00:53:34.0102 4220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:53:34.0102 4220 NdisWan - ok
00:53:34.0142 4220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
00:53:34.0142 4220 NDProxy - ok
00:53:34.0162 4220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
00:53:34.0162 4220 NetBIOS - ok
00:53:34.0192 4220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
00:53:34.0192 4220 NetBT - ok
00:53:34.0232 4220 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
00:53:34.0232 4220 NetDDE - ok
00:53:34.0242 4220 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
00:53:34.0242 4220 NetDDEdsdm - ok
00:53:34.0292 4220 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
00:53:34.0292 4220 Netdevio - ok
00:53:34.0302 4220 NETFWDSL - ok
00:53:34.0352 4220 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
00:53:34.0352 4220 Netlogon - ok
00:53:34.0412 4220 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
00:53:34.0422 4220 Netman - ok
00:53:34.0502 4220 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:53:34.0502 4220 NetTcpPortSharing - ok
00:53:34.0542 4220 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:53:34.0542 4220 NIC1394 - ok
00:53:34.0592 4220 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
00:53:34.0602 4220 Nla - ok
00:53:34.0632 4220 [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
00:53:34.0632 4220 nmwcd - ok
00:53:34.0642 4220 [ FD3E61831095AC62E6840D986B5A2016 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
00:53:34.0642 4220 nmwcdc - ok
00:53:34.0672 4220 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
00:53:34.0682 4220 Npfs - ok
00:53:34.0753 4220 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
00:53:34.0763 4220 Ntfs - ok
00:53:34.0773 4220 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
00:53:34.0773 4220 NtLmSsp - ok
00:53:34.0813 4220 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
00:53:34.0823 4220 NtmsSvc - ok
00:53:34.0853 4220 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
00:53:34.0853 4220 Null - ok
00:53:34.0873 4220 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:53:34.0873 4220 NwlnkFlt - ok
00:53:34.0893 4220 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:53:34.0893 4220 NwlnkFwd - ok
00:53:34.0903 4220 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:53:34.0903 4220 ohci1394 - ok
00:53:34.0933 4220 [ 22252F794AF1FA0914699E16526E21C4 ] oodisr C:\WINDOWS\system32\DRIVERS\oodisr.sys
00:53:34.0933 4220 oodisr - ok
00:53:34.0943 4220 [ BF2CCA7A26BAC0ED75D774A5512AC5C8 ] oodisrh C:\WINDOWS\system32\DRIVERS\oodisrh.sys
00:53:34.0943 4220 oodisrh - ok
00:53:34.0993 4220 [ 4033FFA271823CCB3DD219E7C2D6F46B ] OpenVPNService C:\Programme\OpenVPN\bin\openvpnserv.exe
00:53:34.0993 4220 OpenVPNService - ok
00:53:35.0013 4220 [ 803CF09C795290825607505D37819135 ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys
00:53:35.0023 4220 PalmUSBD - ok
00:53:35.0033 4220 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
00:53:35.0033 4220 Parport - ok
00:53:35.0043 4220 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
00:53:35.0043 4220 PartMgr - ok
00:53:35.0083 4220 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
00:53:35.0083 4220 ParVdm - ok
00:53:35.0143 4220 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
00:53:35.0143 4220 pccsmcfd - ok
00:53:35.0153 4220 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
00:53:35.0153 4220 PCI - ok
00:53:35.0153 4220 PCIDump - ok
00:53:35.0173 4220 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
00:53:35.0173 4220 PCIIde - ok
00:53:35.0193 4220 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
00:53:35.0193 4220 Pcmcia - ok
00:53:35.0203 4220 PDCOMP - ok
00:53:35.0213 4220 PDFRAME - ok
00:53:35.0223 4220 PDRELI - ok
00:53:35.0223 4220 PDRFRAME - ok
00:53:35.0233 4220 perc2 - ok
00:53:35.0243 4220 perc2hib - ok
00:53:35.0303 4220 [ A60E4B298B4AF1C7B052C1D5286406AE ] PL2501NW C:\WINDOWS\system32\DRIVERS\PL2501NW.sys
00:53:35.0313 4220 PL2501NW - ok
00:53:35.0353 4220 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
00:53:35.0353 4220 PlugPlay - ok
00:53:35.0383 4220 [ 46329BFF07991DC6675834DC84750BEC ] PLUsbbc2 C:\WINDOWS\system32\Drivers\usbbc2.sys
00:53:35.0383 4220 PLUsbbc2 - ok
00:53:35.0413 4220 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
00:53:35.0413 4220 PolicyAgent - ok
00:53:35.0434 4220 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:53:35.0434 4220 PptpMiniport - ok
00:53:35.0444 4220 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
00:53:35.0444 4220 ProtectedStorage - ok
00:53:35.0474 4220 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
00:53:35.0474 4220 PSched - ok
00:53:35.0514 4220 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:53:35.0514 4220 Ptilink - ok
00:53:35.0574 4220 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:53:35.0574 4220 PxHelp20 - ok
00:53:35.0584 4220 ql1080 - ok
00:53:35.0594 4220 Ql10wnt - ok
00:53:35.0604 4220 ql12160 - ok
00:53:35.0604 4220 ql1240 - ok
00:53:35.0614 4220 ql1280 - ok
00:53:35.0644 4220 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:53:35.0644 4220 RasAcd - ok
00:53:35.0664 4220 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:53:35.0674 4220 RasAuto - ok
00:53:35.0684 4220 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:53:35.0684 4220 Rasl2tp - ok
00:53:35.0734 4220 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
00:53:35.0734 4220 RasMan - ok
00:53:35.0754 4220 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:53:35.0754 4220 RasPppoe - ok
00:53:35.0774 4220 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
00:53:41.0182 4220 ================ Scan global ===============================
00:53:41.0232 4220 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
00:53:41.0272 4220 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
00:53:41.0302 4220 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
00:53:41.0342 4220 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
00:53:41.0342 4220 [Global] - ok
00:53:41.0342 4220 ================ Scan MBR ==================================
00:53:41.0382 4220 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
00:53:41.0683 4220 \Device\Harddisk0\DR0 - ok
00:53:41.0693 4220 ================ Scan VBR ==================================
00:53:41.0693 4220 [ 3F3A1FEF40F76CD3DCC507E17D094CAE ] \Device\Harddisk0\DR0\Partition1
00:53:41.0693 4220 \Device\Harddisk0\DR0\Partition1 - ok
00:53:41.0703 4220 ============================================================
00:53:41.0703 4220 Scan finished
00:53:41.0703 4220 ============================================================
00:53:41.0713 0524 Detected object count: 0
00:53:41.0713 0524 Actual detected object count: 0
|
| | #11 |
| /// TB-Ausbilder | Hi, on to the second computer then.
Step 1 I see that you have a so-called registry cleaner on the system, in your case CCleaner. We do not recommend any kind of registry cleaner under any circumstances. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I hereby recommend that you uninstall the software mentioned above and do without this kind of software in future. At the end of the cleanup I will recommend a different tool with which you can remove your temporary files.
Step 2
Step 3 Please download AdwCleaner to your desktop.
Step 4 ComboFix should only be run when a team member has instructed you to do so! Please download ComboFix from the following download mirror: Link 1. IMPORTANT - Save ComboFix to your desktop.
Start Combofix.exe and follow the instructions on the screen.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Please post with your next reply
|
| | #12 |
| Hello, and thanks for continuing. This is my work laptop, which I also use on open hotel Wi-Fi networks for work reasons. I have been using CCleaner sporadically for years and never had problems with it, but I have now uninstalled it to be on the safe side. Code:
# AdwCleaner v2.006 - Datei am 01/11/2012 um 18:03:47 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Hans-Jürgen - ROSENLAP
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Hans-Jürgen\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Dokumente und Einstellungen\Hans-Jürgen\Anwendungsdaten\AD ON Multimedia
Ordner Gelöscht : C:\Dokumente und Einstellungen\SPRO-IT\Anwendungsdaten\Search Settings
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E908B145-C847-4E85-B315-07E2E70DECF8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Schlüssel Gelöscht : HKLM\Software\Dealio
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [2226 octets] - [01/11/2012 18:03:47]
########## EOF - C:\AdwCleaner[S1].txt - [2286 octets] ##########
Edited by Eytsch (01.11.2012 at 18:22) |
| | #13 |
| /// TB-Ausbilder | Hi, where exactly did MSE find "Backdoor:Win32/Sdbot.gen"? Please give me the path. Was it ComboFix.exe that MSE flagged here? Disable MSE before you download ComboFix. Many AV programs wrongly detect malware here or block ComboFix. |
| | #14 |
| Okay, thanks, I could have thought of checking the path first myself. It finds that in stinger.exe, which you surely know. Code:
ComboFix 12-10-31.03 - Hans-Jürgen 02.11.2012 17:21:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1374 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Hans-J³rgen\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\SPRO-IT\WINDOWS
c:\programme\Audio\Youripper\yoURipper.exe
c:\programme\msoffice
c:\programme\msoffice\Access_2003.exe
c:\programme\msoffice\Office 2007 Enterprise\_.md5
c:\programme\msoffice\Office 2007 Enterprise\Access.exe
c:\programme\msoffice\Office 2007 Enterprise\Clip Organizer.exe
c:\programme\msoffice\Office 2007 Enterprise\Excel.exe
c:\programme\msoffice\Office 2007 Enterprise\InfoPath.exe
c:\programme\msoffice\Office 2007 Enterprise\Loader.exe
c:\programme\msoffice\Office 2007 Enterprise\Office Diagnostics.exe
c:\programme\msoffice\Office 2007 Enterprise\OneNote.exe
c:\programme\msoffice\Office 2007 Enterprise\Outlook.exe
c:\programme\msoffice\Office 2007 Enterprise\Picture Manager.exe
c:\programme\msoffice\Office 2007 Enterprise\PowerPoint.exe
c:\programme\msoffice\Office 2007 Enterprise\Publisher.exe
c:\programme\msoffice\Office 2007 Enterprise\Word.exe
c:\programme\msoffice\PStart.exe
c:\programme\msoffice\PStart.xml
c:\windows\IsUn0407.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET498.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-02 bis 2012-11-02 ))))))))))))))))))))))))))))))
.
.
2012-11-02 15:26 . 2012-11-02 15:26 29904 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{2DD80612-3B01-424C-AAE0-67C291E375EC}\MpKsl446ca2fb.sys
2012-11-01 17:09 . 2012-11-01 17:09 29904 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{2DD80612-3B01-424C-AAE0-67C291E375EC}\MpKsl55879051.sys
2012-11-01 16:55 . 2012-10-12 05:56 6918632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{2DD80612-3B01-424C-AAE0-67C291E375EC}\mpengine.dll
2012-10-31 08:36 . 2012-10-12 05:56 6918632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-28 23:16 . 2012-10-28 23:16 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2012-10-28 23:16 . 2012-10-28 23:30 -------- d-----w- c:\dokumente und einstellungen\Hans-Jürgen\Lokale Einstellungen\Anwendungsdaten\NPE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 06:13 . 2012-08-31 14:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 06:13 . 2011-05-18 18:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2008-11-15 17:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 19:28 . 2012-09-10 15:37 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-30 20:03 . 2010-10-24 20:25 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:05 . 2005-08-17 12:30 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2005-08-17 12:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2005-08-17 12:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-08-17 12:29 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-08-17 12:30 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:26 . 2005-08-17 12:30 2195200 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2004-08-04 00:50 2071936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-04-07 06:56 . 2009-04-07 06:56 3135488 ----a-w- c:\programme\Gemeinsame DateienDDBACSetup.msi
2008-10-08 10:18 . 2009-05-18 08:57 3125248 ----a-w- c:\programme\Gemeinsame Dateien\sapxlhelper.dll
2008-10-08 10:18 . 2009-05-18 08:57 192512 ----a-w- c:\programme\Gemeinsame Dateien\sapconsr3.dll
2008-10-08 10:18 . 2009-05-18 08:57 626688 ----a-w- c:\programme\Gemeinsame Dateien\sapconsaccess.dll
2008-10-08 10:18 . 2009-05-18 08:57 40960 ----a-w- c:\programme\Gemeinsame Dateien\DigitalSignature.ocx
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-11-01 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"Nokia.PCSync"="c:\programme\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-06-23 745472]
"Skype"="c:\programme\Skype\\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2005-08-03 266240]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"SoundMAXPnP"="c:\programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2005-07-06 356352]
"TFncKy"="TFncKy.exe" [BU]
"PadTouch"="c:\programme\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
"IntelZeroConfig"="c:\programme\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-01-11 246504]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\dokumente und einstellungen\Hans-Jürgen\Startmenü\Programme\Autostart\
Bginfo.lnk - c:\programme\Tools\BgInfo\Bginfo.exe [2009-3-1 845864]
del.bat [2009-5-11 42]
WinMySQLadmin.lnk - c:\xampplite\mysql\bin\winmysqladmin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Hans-Jürgen^Startmenü^Programme^Autostart^HotSync Manager.lnk]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Hans-Jürgen^Startmenü^Programme^Autostart^Monitor.lnk]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Hans-Jürgen^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Hans-Jürgen^Startmenü^Programme^Autostart^Scheduler.lnk]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Hans-Jürgen^Startmenü^Programme^Autostart^Sticky Notes.lnk]
path=c:\dokumente und einstellungen\Hans-Jürgen\Startmenü\Programme\Autostart\Sticky Notes.lnk
backup=c:\windows\pss\Sticky Notes.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWatch
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-04-12 22:24 88358 ----a-w- c:\windows\agrsmmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 15:24 304568 ----a-w- c:\programme\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 --sh--w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-04-21 09:46 98816 ----a-w- c:\programme\OpenVPN\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12 1414144 ----a-w- c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-05-13 09:01 118784 ----a-w- c:\programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2009-12-02 17:08 132096 ----a-w- c:\programme\DSL\O2N\Mobile Partner Manager\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\Programme\\Tools\\Viewer\\ProjectViewer\\PViewer\\jre\\launch4j-tmp\\VMStarter.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Gemeinsame Dateien\\XpressUpdate\\XPressUpdate.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programme\\Skype\\Teamviewer\\TeamViewer.exe"=
"c:\\Programme\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Programme\\Tools\\soapUI-3.0.1\\bin\\soapUI-3.0.1.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\DATA\\xampplite\\apache\\bin\\httpd.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programme\\Soluto\\SolutoCleanup.exe"=
"c:\\Programme\\Soluto\\Soluto.exe"=
"c:\\Programme\\Soluto\\SolutoService.exe"=
"c:\\Programme\\Soluto\\SolutoConsole.exe"=
"c:\\Programme\\Soluto\\SolutoUpdateService.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.0.101/255.255.255.255:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:192.168.0.101/255.255.255.255:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:192.168.0.101/255.255.255.255:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:192.168.0.101/255.255.255.255:Enabled:@xpsp2res.dll,-22002
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
.
R0 oodisr;O&O DiskImage Snapshot/Restore Driver;c:\windows\system32\drivers\oodisr.sys [27.08.2008 22:49 95752]
R0 oodisrh;oodisrh;c:\windows\system32\drivers\oodisrh.sys [27.08.2008 22:49 28680]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [10.09.2012 16:37 51144]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14.07.2010 11:51 65584]
R1 MpKsl446ca2fb;MpKsl446ca2fb;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{2DD80612-3B01-424C-AAE0-67C291E375EC}\MpKsl446ca2fb.sys [02.11.2012 16:26 29904]
R1 Ndisprot;GreenPacket NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [07.12.2010 16:56 21504]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [08.07.2010 12:41 26008]
R1 uiwbrdr;uiwbrdr;c:\windows\system32\drivers\uiwbrdr.SYS [06.04.2007 23:25 149120]
R2 Apache2.2;Apache2.2;c:\data\xampplite\apache\bin\httpd.exe [06.01.2010 16:47 29416]
R2 SolutoService;Soluto PCGenome Core Service;c:\programme\Soluto\SolutoService.exe [09.09.2012 20:34 606224]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\programme\DSL\O2\Mobile Connection Manager\ImpWiFiSvc.exe [02.08.2010 11:40 199600]
R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;c:\windows\system32\drivers\avmdsloe.sys [11.06.2003 01:00 39552]
R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmndsl.sys [11.06.2003 01:00 38992]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [04.10.2005 19:06 37568]
R3 cpuz135;cpuz135;\??\c:\tmp\cpuz135\cpuz135_x32.sys --> c:\tmp\cpuz135\cpuz135_x32.sys [?]
S2 XServer;XServer; [x]
S3 FDLUBASE;AVM FRITZ!Card DSL SL USB (WinXP/2000);c:\windows\system32\drivers\fdlubase.sys [11.06.2003 01:00 659200]
S3 fpcmbase;AVM ISDN-Controller FRITZ!Card PCMCIA;c:\windows\system32\drivers\fpcmbase.sys [04.10.2005 19:06 441728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\VS\Ad-Awarel\Ad-Aware\AAWService.exe [23.09.2010 08:46 1375992]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programme\VS\Ad-Awarel\Ad-Aware\kernexplorer.sys [23.09.2010 08:46 15264]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07.12.2010 16:56 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [25.04.2012 17:19 114144]
S3 NETFWDSL;AVM FRITZ!web DSL PPP; [x]
S3 PL2501NW;Hi-Speed USB-USB Network Adapter;c:\windows\system32\drivers\PL2501NW.sys [14.02.2009 15:41 11520]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [14.02.2009 15:41 7936]
S3 SAP DBTech-.M760018 (quick);SAP DBTech-.M760018 (quick); [x]
S3 SAP DBTech-.M760018 (slow);SAP DBTech-.M760018 (slow); [x]
S3 SAP DBTech-.M760018 (test);SAP DBTech-.M760018 (test); [x]
S3 SAP DBTech-.M760018;SAP DBTech-.M760018; [x]
S3 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944]
S3 SMA_USBBus;SMA USB Serial Converter;c:\windows\system32\drivers\FTD2XX.sys [25.07.2007 06:42 29292]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.06.2004 02:54 23552]
S3 UI Assistant Service;UI Assistant Service;c:\programme\DSL\O2N\Mobile Partner Manager\AssistantServices.exe [07.12.2010 16:56 246272]
S4 SAPOsCol;SAPOsCol; [x]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL446CA2FB
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 10.218.10.254:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: Interfaces\{DEE1C0C0-9E59-4642-88E1-17E4283F7FB9}: NameServer = 192.168.0.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {62BA437C-7712-48C6-9F0B-D251FA43192B} - hxxp://www.sayatv.com/download/SayaTV.cab
FF - ProfilePath - c:\dokumente und einstellungen\Hans-Jürgen\Anwendungsdaten\Mozilla\Firefox\Profiles\o155kh93.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-09-01 09:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-MaxtorOneTouch - c:\programme\Maxtor\OneTouch\utils\Onetouch.exe
MSConfigStartUp-mxomssmenu - c:\programme\Maxtor\OneTouch Status\maxmenumgr.exe
MSConfigStartUp-Picasa Media Detector - c:\programme\Google\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-UVS10 Preload - c:\programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
AddRemove-CK Escape 1.2 - c:\windows\unin0407.exe
AddRemove-HBCIFM99 2.0 - c:\windows\IsUn0407.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PC-Diagnose-Tool - c:\windows\IsUn0407.exe
AddRemove-Power Saver - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-02 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/xampplite/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/xampplite/mysql/bin/mysqld.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1622268329-556238574-513852099-1007\Identities\{DA9C26B9-D7BE-4C28-8029-74D6434A0366}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
@DACL=(02 0000)
@SACL=
"File0"="Schönwetter.htm"
"File1"="Natur.htm"
"File2"="Mais.htm"
"File3"="Sonnenblumen.htm"
"File4"="Zitrusmix.htm"
"File5"="Schlicht.htm"
"File6"="Blätter.htm"
.
[HKEY_USERS\S-1-5-21-1622268329-556238574-513852099-1007\Identities\{DA9C26B9-D7BE-4C28-8029-74D6434A0366}\Software\Microsoft\Outlook Express\5.0\Shared Settings]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-1622268329-556238574-513852099-1007\Software\Microsoft\MediaPlayer\Preferences\ProxySettings]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-1622268329-556238574-513852099-1007\Software\Sonic\RecordNow\Preference\Drives]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-1622268329-556238574-513852099-1007\Software\Sonic\RecordNow\Preference\MRUImages]
@DACL=(02 0000)
@SACL=
.
[HKEY_USERS\S-1-5-21-1622268329-556238574-513852099-1007\Software\Toshiba\BluetoothStack\V1.0\SDDB\COMMInfo]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\ATI-Treiber]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
@SACL=
"ProgID"="MsScp.SCPTRANS.1"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
@DACL=(02 0000)
@SACL=
"ProgID"="WMDMCESP.WMDMCESP"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
@DACL=(02 0000)
@SACL=
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
.
[HKEY_LOCAL_MACHINE\software\TOSHIBA\Power Saver\Policies]
@DACL=(02 0000)
@SACL=
"MachinePolicies"=hex:01,00,00,00,04,00,00,00,04,00,00,00,04,00,00,00,04,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,02,00,00,00,\
"UserPolicies"=hex:01,00,00,00,00,00,00,00,03,00,00,00,00,00,00,00,00,00,00,00,
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,32,32,00,00,04,00,00,00,04,\
"ProcessorPolicies"=hex:01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,03,00,
00,00,a0,86,01,00,a0,86,01,00,a0,86,01,00,28,32,00,00,02,00,00,00,a0,86,01,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\uiwbnp.dll
c:\windows\system32\netprovcredman.dll
.
Zeit der Fertigstellung: 2012-11-02 17:33:03
ComboFix-quarantined-files.txt 2012-11-02 16:32
.
Vor Suchlauf: 16 Verzeichnis(se), 45.360.922.624 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 45.338.791.936 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 73CCE0C00E6F3014C64FBBF0D3058C52
|
| | #15 |
| /// TB-Ausbilder | Hi, yes, I know that file. As I said, that is a false positive; you don't need to consider it any further. How is this 2nd PC running at the moment? Are there still any problems on this PC that point to malware?
Code:
/md5start
appmgmts.dll
/md5stop
|