Pests of all kinds and how to combat them: Computer should be completely clean after Trojan infection
21.11.2012, 22:58 | #1
Computer should be completely clean after Trojan infection

Hello, a few days ago my computer was infected by the Bundespolizei trojan. In my autostart I found a ctfmon that was unknown to me, which was removed. Malwarebytes Anti-Malware has also already been run with the latest version, and all detections were deleted. Hijack.this has also been run once already, with nothing conspicuous. Now, however, I want to be completely sure that no further viruses, trojans, malware, etc. have settled into my system. Normally I work with a restricted user account. The following files, however, were created as Administrator; is that correct?

ORL.Txt
Code:
OTL logfile created on: 21.11.2012 21:20:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1015,23 Mb Total Physical Memory | 583,14 Mb Available Physical Memory | 57,44% Memory free
2,36 Gb Paging File | 1,89 Gb Available in Paging File | 79,86% Paging File free
Paging file location(s): S:\pagefile.sys 1500 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 40,00 Gb Total Space | 20,44 Gb Free Space | 51,09% Space Free | Partition Type: NTFS
Drive S: | 1,95 Gb Total Space | 0,48 Gb Free Space | 24,38% Space Free | Partition Type: NTFS

Computer Name: egal | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.21 21:14:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2012.09.08 20:08:04 | 000,246,112 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2012.08.08 19:56:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.05.15 19:05:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.15 19:05:20 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.15 19:05:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.15 19:05:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.15 19:05:20 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.17 10:07:54 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\hqtray.exe PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) 
-- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.09.08 20:08:07 | 001,148,416 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtNetwork4.dll MOD - [2012.09.08 20:08:07 | 000,398,336 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtXml4.dll MOD - [2012.09.08 20:08:07 | 000,384,512 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QueryStrategy.dll MOD - [2012.09.08 20:08:06 | 002,415,104 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\QtCore4.dll MOD - [2012.09.08 20:08:05 | 000,043,008 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll MOD - [2012.09.08 20:08:05 | 000,011,362 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\mingwm10.dll MOD - [2012.09.08 20:08:04 | 000,246,112 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe MOD - [2012.05.15 19:05:21 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.10.11 20:03:54 | 000,447,848 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\libxml2.dll MOD - [2011.10.11 20:03:44 | 000,060,264 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\cares.dll MOD - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe MOD - [2011.01.11 00:25:48 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX 
Update\DivXUpdateCheck.dll MOD - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Programme\VMware\VMware Player\zlib1.dll MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Programme\VMware\VMware Player\libxml2.dll MOD - [2009.02.27 15:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.09.08 20:08:04 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2012.08.25 21:27:58 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.05.15 19:05:20 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.15 19:05:20 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.15 19:05:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.15 19:05:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2008.03.18 11:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.09.08 20:08:07 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2012.09.08 20:08:07 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.09.08 20:08:07 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2012.08.25 21:27:54 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2012.05.15 19:05:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.15 19:05:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci) DRV - [2010.11.11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86) DRV - [2010.11.11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport) DRV - [2010.11.11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd) DRV - [2010.11.11 13:29:30 | 000,032,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2010.11.11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2010.11.11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon) DRV - [2010.11.11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2010.08.19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2010.07.20 11:07:44 | 000,230,736 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.19 09:40:10 | 000,009,216 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008.07.23 10:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.03.21 11:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.11.20 17:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.07.17 00:24:00 | 000,035,072 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X) DRV - [2007.06.18 15:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006.12.15 13:44:42 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.09.19 08:08:18 | 000,015,616 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BDA_Loader_220.sys -- (BDA_Loader_220) DRV - [2005.08.24 08:14:52 | 000,014,080 | ---- | M] (WideViewer Electronics CO., LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BDA_Capture_220.sys -- (BDA_Capture_220) DRV - [2005.06.29 10:21:24 | 000,019,328 | R--- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DTV_Loader_2X1.sys -- (DTV_Loader_2X1) DRV - [2004.09.06 13:40:04 | 000,018,432 | R--- | M] (Computer & Entertainment, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DTV_Capture_2X0.sys -- (DTV_Capture_2X0) DRV - [2004.08.22 15:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt) DRV - [2004.08.22 15:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus) DRV - [2001.11.05 08:23:52 | 000,299,923 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonyhcs.sys -- (sonyhcs) DRV - [2001.11.05 08:23:14 | 000,006,097 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sonyhcb.sys -- (sonyhcb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: maps@ovi.com:5.9.2.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.0: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.11.19 21:51:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.27 20:40:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.18 19:16:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2012.01.11 16:59:17 | 000,000,000 | ---D | M] (No name found) -- 
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.11.19 22:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\hamgehrx.default\extensions [2012.07.28 12:22:39 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\hamgehrx.default\extensions\maps@ovi.com [2012.11.19 22:36:52 | 000,530,679 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\hamgehrx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.03.05 15:40:50 | 000,000,003 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\hamgehrx.default\extensions\maps@ovi.com\plugins\package.XPI [2012.11.19 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 20:40:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.10.27 20:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㔰䄭䍂䕄䙆䑅䉃絁 [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 
23:03:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.17 19:59:34 | 000,000,879 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Programme\D-Tools\daemon.exe (DAEMON'S HOME) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VMware hqtray] C:\Programme\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKCU..\Run: [SandboxieControl] C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [TrueCrypt] C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\MSOffice2k\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range3 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range4 ([*] in Lokales Intranet) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279617201375 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279628346296 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://192.168.178.210:2000/activex/RACtrl.cab (Performance Viewer Activex Control) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.20 09:25:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{a72cb674-f9e7-11e1-9efd-962c0165abaf}\Shell - "" = AutoRun O33 - MountPoints2\{a72cb674-f9e7-11e1-9efd-962c0165abaf}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a72cb674-f9e7-11e1-9efd-962c0165abaf}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.21 21:18:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\desktoplinks [2012.11.21 21:14:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.21 21:07:11 | 000,000,000 | R--D | C] -- C:\Sandbox [2012.11.21 21:04:14 | 000,000,000 | ---D | C] -- C:\Programme\Sandboxie [2012.11.21 21:04:14 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\All Users\Startmenü\Programme\Sandboxie [2012.11.21 20:56:50 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.11.19 22:55:40 | 000,000,000 | ---D | C] -- C:\Programme\hjackthis [2012.11.19 22:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\HiJackThis [2012.11.19 22:35:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2012.11.19 22:34:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.11.10 18:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\TV-Browser [2012.10.27 20:40:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.21 21:19:13 | 000,003,250 | ---- | M] () -- C:\WINDOWS\WINCMD.INI [2012.11.21 21:16:36 | 000,001,410 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini [2012.11.21 21:14:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.21 20:59:25 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205923.reg [2012.11.21 20:59:13 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205911.reg [2012.11.21 20:58:59 | 000,000,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205856.reg [2012.11.21 20:58:29 | 000,000,882 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205826.reg [2012.11.21 20:58:01 | 000,100,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205756.reg [2012.11.21 20:53:01 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.11.21 20:52:47 | 000,013,824 | ---- | M] () -- C:\dvb.GRF [2012.11.21 20:51:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.21 20:50:46 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.21 20:50:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.21 20:49:27 | 000,000,052 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.19 21:35:49 | 000,000,876 | ---- | M] () -- C:\WINDOWS\wininit.ini [2012.11.19 21:33:29 | 000,453,050 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.19 21:33:29 | 000,436,490 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.19 21:33:29 | 000,082,688 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.11.19 21:33:29 | 000,069,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.19 21:21:56 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad [2012.11.16 22:14:22 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.16 18:48:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.14 20:54:11 | 000,112,584 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwot.sys [2012.11.14 20:54:11 | 000,092,008 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avfwim.sys [2012.11.11 09:38:39 | 000,015,360 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.10 18:39:33 | 000,004,096 | ---- | M] () -- C:\dvb4.GRF [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.21 21:04:34 | 000,001,410 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2012.11.21 20:59:24 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205923.reg [2012.11.21 20:59:12 | 
000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205911.reg [2012.11.21 20:58:57 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205856.reg [2012.11.21 20:58:28 | 000,000,882 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205826.reg [2012.11.21 20:57:58 | 000,100,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\cc_20121121_205756.reg [2012.11.21 20:49:06 | 000,000,052 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.19 21:51:42 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2012.11.19 21:18:44 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad [2012.08.21 21:04:49 | 000,728,384 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.08.18 12:34:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.07.28 12:07:36 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zak_lo0i7g.pad [2012.06.24 18:12:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.05.07 17:38:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2012.02.15 17:35:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.04.23 12:13:26 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2011.02.19 12:28:43 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2011.02.19 12:28:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4873.dll [2011.02.19 12:28:43 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll [2011.01.05 20:38:38 | 000,061,254 | ---- | C] () -- C:\Programme\EULA.deu 
[2010.12.23 21:41:12 | 000,000,275 | ---- | C] () -- C:\WINDOWS\d.ini [2010.08.16 19:36:56 | 000,000,045 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\machpro.dat [2010.08.08 10:13:28 | 000,015,360 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.05.26 02:17:16 | 000,110,657 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\UninstallDrv.exe ========== ZeroAccess Check ========== [2010.07.20 11:11:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 21:28:07 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.16 19:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canon [2011.05.03 20:45:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEM Data [2010.08.26 19:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ImgBurn [2010.10.24 17:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\Leadertech [2012.06.08 20:44:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Oracle [2010.10.24 17:38:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Research In Motion [2010.10.16 17:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird [2010.12.04 23:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TrueCrypt [2010.08.11 20:40:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2012.09.08 20:09:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService [2012.06.27 18:40:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner [2010.10.24 17:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion [2010.07.20 15:59:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\XHEO INC ========== Purity Check ========== < End of report > gmer.log Code: 
  ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-21 22:38:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120822AS rev.3.BHE
Running: plohe3bf.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxldqpod.sys
---- System - GMER 1.0.15 ----
SSDT            F7C3927C                                                                                                         ZwClose
SSDT            F7C39236                                                                                                         ZwCreateKey
SSDT            F7C39286                                                                                                         ZwCreateSection
SSDT            F7C3925E                                                                                                         ZwCreateSymbolicLinkObject
SSDT            F7C3922C                                                                                                         ZwCreateThread
SSDT            F7C3923B                                                                                                         ZwDeleteKey
SSDT            F7C39245                                                                                                         ZwDeleteValueKey
SSDT            F7C39277                                                                                                         ZwDuplicateObject
SSDT            F7C39263                                                                                                         ZwLoadDriver
SSDT            F7C3924A                                                                                                         ZwLoadKey
SSDT            F7C39218                                                                                                         ZwOpenProcess
SSDT            F7C39259                                                                                                         ZwOpenSection
SSDT            F7C3921D                                                                                                         ZwOpenThread
SSDT            F7C3929F                                                                                                         ZwQueryValueKey
SSDT            F7C39254                                                                                                         ZwReplaceKey
SSDT            F7C39290                                                                                                         ZwRequestWaitReplyPort
SSDT            F7C3924F                                                                                                         ZwRestoreKey
SSDT            F7C3928B                                                                                                         ZwSetContextThread
SSDT            F7C39295                                                                                                         ZwSetSecurityObject
SSDT            F7C39268                                                                                                         ZwSetSystemInformation
SSDT            F7C39240                                                                                                         ZwSetValueKey
SSDT            F7C3929A                                                                                                         ZwSystemDebugControl
SSDT            F7C39227                                                                                                         ZwTerminateProcess
SSDT            F7C39222                                                                                                         ZwWriteVirtualMemory
Code            F7B5DC9C                                                                                                         ZwRequestPort
Code            F7B5DBFC                                                                                                         ZwTraceEvent
Code            F7B5DC9B                                                                                                         NtRequestPort
Code            F7B5DBFB                                                                                                         NtTraceEvent
---- Devices - GMER 1.0.15 ----
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                          VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBPDO-2                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBPDO-3                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-8                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000b6                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000b8                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000ab                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-2                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000ad                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000ba                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000af                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000bc                                                                                  hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-6                                                                                 hcmon.sys (VMware USB monitor/VMware, Inc.)
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             2
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             7
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             35
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             4
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             4
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             4
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType             7
Reg             HKLM\SYSTEM\controlset003\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics  256
Reg             HKLM\SYSTEM\controlset003\Services\MRxDAV\EncryptedDirectories@                                                  
---- EOF - GMER 1.0.15 ----
          | 
|  22.11.2012, 15:29 | #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should become completely clean after Trojan infection Hello and __________________  Before we get to work, I would like to ask you to read the following points completely and carefully. 
 Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Quote: 
  Information like that is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code: 
  ATTFilter  the log goes here
         
				__________________ | 
|  22.11.2012, 22:22 | #3 | 
|  |   Computer should become completely clean after Trojan infection Yes, of course, sorry about that.__________________ So then, here it is from mbam Code: 
  ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.19.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Administrator :: egal [Administrator] Schutz: Aktiviert 19.11.2012 22:37:10 mbam-log-2012-11-19 (22-37-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 256512 Laufzeit: 6 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1&cf=fab076f6-12d3-11e1-9e78-001f2985bed0) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Dokumente und Einstellungen\me\Anwendungsdaten\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\RECYCLER\S-1-5-21-515967899-1788223648-1417001333-500\Dc66.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\RECYCLER\S-1-5-21-515967899-1788223648-1417001333-500\Dc6\myfile[1].dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\me\Anwendungsdaten\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\me\Anwendungsdaten\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code: 
  ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:56:41, on 19.11.2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\Explorer.EXE C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mobile Partner\OnlineUpdate\ouc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\Programme\VMware\VMware Player\vmware-authd.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Avira\AntiVir Desktop\avmailc.exe C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\D-Tools\daemon.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Programme\Winamp\winampa.exe C:\Programme\VMware\VMware Player\hqtray.exe C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\igfxsrvc.exe 
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Programme\hjackthis\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://www.dvdvideosoft.com/de/products/dvd/Free-Video-Flip-and-Rotate.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe O4 - HKLM\..\Run: [VMware hqtray] "C:\Programme\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: 
[IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a logon /a devices O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-21-515967899-1788223648-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\MSOffice2k\Office\OSA9.EXE O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware 
player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware player\vsocklib.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1279617201375 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279628346296 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://192.168.178.210:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{24C14731-CCDF-455B-B757-0EED8977FA2C}: NameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{900CA7C7-783C-429E-BC86-C39D87DB9847}: NameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{BB1C8F42-16AC-4DD9-807F-8E907F6F20B8}: NameServer = 192.168.178.1 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: Avira Email Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. 
KG - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Browser Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HWDeviceService.exe - Unknown owner - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Programme\Mobile Partner\UpdateDog\ouc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programme\Skype\Updater\Updater.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Player\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe -- End of file - 11358 bytes And I wish you a nice evening! Regards! | 
|  23.11.2012, 10:42 | #4 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should become completely clean after Trojan infection Are those all the logs with detections? This is also about other scanners, not just Malwarebytes  Quote: 
 Quote: 
 
				__________________ Please always post log files in CODE tags   | 
|  23.11.2012, 18:02 | #5 | 
|  |   Computer should become completely clean after Trojan infection Yes, those are all the logs. Unfortunately my Avira just stood by and watched the whole time. Sorry about the hjackthis log, I did not see the notice; unfortunately I can no longer edit it out now either.  | 
|  23.11.2012, 20:26 | #6 | 
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should become completely clean after Trojan infection 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it! 
 One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again. 2. TDSS-Killer Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs. Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!   
				__________________ --> Computer should become completely clean after Trojan infection | 
|  23.11.2012, 21:31 | #7 | 
|  |   Computer should become completely clean after Trojan infection aswMBR.txt Code: 
  ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 21:00:27
-----------------------------
21:00:27.156    OS Version: Windows 5.1.2600 Service Pack 3
21:00:27.156    Number of processors: 2 586 0xF0D
21:00:27.156    ComputerName: egal  UserName: 
21:00:28.406    Initialize success
21:02:10.671    AVAST engine defs: 12112301
21:02:23.734    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:02:23.734    Disk 0 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
21:02:23.828    Disk 0 MBR read successfully
21:02:23.828    Disk 0 MBR scan
21:02:24.046    Disk 0 Windows XP default MBR code
21:02:24.062    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40962 MB offset 63
21:02:24.109    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         2000 MB offset 83891430
21:02:24.234    Disk 0 scanning sectors +234436545
21:02:24.500    Disk 0 scanning C:\WINDOWS\system32\drivers
21:02:41.375    Service scanning
21:03:01.343    Modules scanning
21:03:37.921    Disk 0 trace - called modules:
21:03:37.968    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
21:03:37.968    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d43ab8]
21:03:37.968    3 CLASSPNP.SYS[f7568fd7] -> nt!IofCallDriver -> \Device\000000a1[0x86d067e0]
21:03:37.968    5 ACPI.sys[f73de620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86da15d0]
21:03:38.171    AVAST engine scan C:\WINDOWS
21:03:56.562    AVAST engine scan C:\WINDOWS\system32
21:06:21.796    AVAST engine scan C:\WINDOWS\system32\drivers
21:06:36.578    AVAST engine scan C:\Dokumente und Einstellungen\...
21:10:13.140    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:11:33.296    Scan finished successfully
21:16:20.234    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\...\Desktop\MBR.dat"
21:16:20.234    The log file has been saved successfully to "C:\Dokumente und Einstellungen\...\Desktop\aswMBR.txt"
TDSS-Killer log Code: 
21:19:01.0421 3320  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:19:03.0421 3320  ============================================================
21:19:03.0421 3320  Current date / time: 2012/11/23 21:19:03.0421
21:19:03.0421 3320  SystemInfo:
21:19:03.0421 3320  
21:19:03.0421 3320  OS Version: 5.1.2600 ServicePack: 3.0
21:19:03.0421 3320  Product type: Workstation
21:19:03.0421 3320  ComputerName: egal
21:19:03.0421 3320  UserName: ...
21:19:03.0421 3320  Windows directory: C:\WINDOWS
21:19:03.0421 3320  System windows directory: C:\WINDOWS
21:19:03.0421 3320  Processor architecture: Intel x86
21:19:03.0421 3320  Number of processors: 2
21:19:03.0421 3320  Page size: 0x1000
21:19:03.0421 3320  Boot type: Normal boot
21:19:03.0421 3320  ============================================================
21:19:04.0984 3320  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:19:04.0984 3320  ============================================================
21:19:04.0984 3320  \Device\Harddisk0\DR0:
21:19:04.0984 3320  MBR partitions:
21:19:04.0984 3320  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
21:19:04.0984 3320  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50014E6, BlocksNum 0x3E823F
21:19:04.0984 3320  ============================================================
21:19:05.0015 3320  C: <-> \Device\Harddisk0\DR0\Partition1
21:19:05.0031 3320  S: <-> \Device\Harddisk0\DR0\Partition2
21:19:05.0046 3320  ============================================================
21:19:05.0046 3320  Initialize success
21:19:05.0046 3320  ============================================================
21:19:35.0578 2496  ============================================================
21:19:35.0578 2496  Scan started
21:19:35.0578 2496  Mode: Manual; SigCheck; TDLFS; 
21:19:35.0578 2496  ============================================================
21:19:36.0015 2496  ================ Scan system memory ========================
21:19:36.0031 2496  System memory - ok
21:19:36.0031 2496  ================ Scan services =============================
21:19:36.0125 2496  [ 914A9709FC3BF419AD2F85547F2A4832 ] 61883           C:\WINDOWS\system32\DRIVERS\61883.sys
21:19:36.0906 2496  61883 - ok
21:19:36.0921 2496  Abiosdsk - ok
21:19:36.0921 2496  abp480n5 - ok
21:19:36.0953 2496  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:19:37.0062 2496  ACPI - ok
21:19:37.0093 2496  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:19:37.0203 2496  ACPIEC - ok
21:19:37.0234 2496  [ 4E12C97CBFE99BE15D7680918F9899EC ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:19:37.0265 2496  ADIHdAudAddService - ok
21:19:37.0281 2496  adpu160m - ok
21:19:37.0296 2496  [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio         C:\WINDOWS\system32\drivers\AEAudio.sys
21:19:37.0312 2496  AEAudio - ok
21:19:37.0328 2496  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:19:37.0437 2496  aec - ok
21:19:37.0500 2496  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:19:37.0562 2496  AFD - ok
21:19:37.0593 2496  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
21:19:37.0625 2496  AgereModemAudio - ok
21:19:37.0671 2496  [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:19:37.0765 2496  AgereSoftModem - ok
21:19:37.0765 2496  Aha154x - ok
21:19:37.0765 2496  aic78u2 - ok
21:19:37.0765 2496  aic78xx - ok
21:19:37.0812 2496  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:19:37.0937 2496  Alerter - ok
21:19:37.0953 2496  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
21:19:38.0000 2496  ALG - ok
21:19:38.0015 2496  AliIde - ok
21:19:38.0015 2496  amsint - ok
21:19:38.0109 2496  [ B7FA28AEFA586FB5A04876C7B31D03E6 ] AntiVirMailService C:\Programme\Avira\AntiVir Desktop\avmailc.exe
21:19:38.0140 2496  AntiVirMailService - ok
21:19:38.0171 2496  [ 2E35310D600F4CC64624786A813A041E ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
21:19:38.0187 2496  AntiVirSchedulerService - ok
21:19:38.0203 2496  [ 984102B9E2F6513008ED4E0C5AC4151D ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:19:38.0218 2496  AntiVirService - ok
21:19:38.0234 2496  [ 9BC7247FD7379307BCFF92CF8EB64B87 ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:19:38.0265 2496  AntiVirWebService - ok
21:19:38.0296 2496  [ D45960BE52C3C610D361977057F98C54 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:19:38.0359 2496  AppMgmt - ok
21:19:38.0390 2496  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:19:38.0484 2496  Arp1394 - ok
21:19:38.0500 2496  asc - ok
21:19:38.0500 2496  asc3350p - ok
21:19:38.0500 2496  asc3550 - ok
21:19:38.0562 2496  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:19:38.0562 2496  aspnet_state - ok
21:19:38.0578 2496  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:19:38.0671 2496  AsyncMac - ok
21:19:38.0703 2496  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:19:38.0796 2496  atapi - ok
21:19:38.0796 2496  Atdisk - ok
21:19:38.0812 2496  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:19:38.0921 2496  Atmarpc - ok
21:19:38.0953 2496  [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV        C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
21:19:54.0000 2496  ATSWPDRV - ok
21:19:54.0078 2496  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:19:54.0281 2496  AudioSrv - ok
21:19:54.0312 2496  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:19:54.0390 2496  audstub - ok
21:19:54.0421 2496  [ F8E6956A614F15A0860474C5E2A7DE6B ] Avc             C:\WINDOWS\system32\DRIVERS\avc.sys
21:19:54.0531 2496  Avc - ok
21:19:54.0562 2496  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:19:54.0593 2496  avgntflt - ok
21:19:54.0609 2496  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:19:54.0640 2496  avipbb - ok
21:19:54.0656 2496  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:19:54.0671 2496  avkmgr - ok
21:19:54.0906 2496  [ 133AD3794572BCE689763A8356C7ED06 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:19:54.0937 2496  b57w2k - ok
21:19:54.0968 2496  [ E00F4431DE291C2D393F31F12445CB3D ] BDA_Capture_220 C:\WINDOWS\system32\Drivers\BDA_Capture_220.sys
21:19:54.0984 2496  BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - warning
21:19:54.0984 2496  BDA_Capture_220 - detected UnsignedFile.Multi.Generic (1)
21:19:55.0015 2496  [ 349E98A55A8C6B60A2454750893F2A26 ] BDA_Loader_220  C:\WINDOWS\system32\Drivers\BDA_Loader_220.sys
21:19:55.0031 2496  BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - warning
21:19:55.0031 2496  BDA_Loader_220 - detected UnsignedFile.Multi.Generic (1)
21:19:55.0062 2496  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:19:55.0171 2496  Beep - ok
21:19:55.0218 2496  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:19:55.0343 2496  BITS - ok
21:19:55.0359 2496  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
21:19:55.0421 2496  Browser - ok
21:19:55.0453 2496  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:19:55.0546 2496  cbidf2k - ok
21:19:55.0562 2496  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:19:55.0656 2496  CCDECODE - ok
21:19:55.0656 2496  cd20xrnt - ok
21:19:55.0687 2496  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:19:55.0796 2496  Cdaudio - ok
21:19:55.0828 2496  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:19:55.0921 2496  Cdfs - ok
21:19:55.0937 2496  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:19:56.0031 2496  Cdrom - ok
21:19:56.0078 2496  certsrv - ok
21:19:56.0078 2496  Changer - ok
21:19:56.0109 2496  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:19:56.0203 2496  CiSvc - ok
21:19:56.0234 2496  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:19:56.0328 2496  ClipSrv - ok
21:19:56.0359 2496  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:56.0375 2496  clr_optimization_v2.0.50727_32 - ok
21:19:56.0406 2496  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:19:56.0500 2496  CmBatt - ok
21:19:56.0500 2496  CmdIde - ok
21:19:56.0562 2496  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:19:56.0578 2496  Com4QLBEx - ok
21:19:56.0593 2496  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:19:56.0687 2496  Compbatt - ok
21:19:56.0687 2496  COMSysApp - ok
21:19:56.0703 2496  Cpqarray - ok
21:19:56.0734 2496  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:19:56.0828 2496  CryptSvc - ok
21:19:56.0859 2496  [ 5776322F93CDB91086111F5FFBFDA2A0 ] d347bus         C:\WINDOWS\system32\DRIVERS\d347bus.sys
21:19:56.0875 2496  d347bus ( UnsignedFile.Multi.Generic ) - warning
21:19:56.0875 2496  d347bus - detected UnsignedFile.Multi.Generic (1)
21:19:56.0875 2496  [ B49F79ACE459763F4E0380071BE9CB45 ] d347prt         C:\WINDOWS\System32\Drivers\d347prt.sys
21:19:56.0890 2496  d347prt ( UnsignedFile.Multi.Generic ) - warning
21:19:56.0890 2496  d347prt - detected UnsignedFile.Multi.Generic (1)
21:19:56.0890 2496  dac2w2k - ok
21:19:56.0906 2496  dac960nt - ok
21:19:56.0937 2496  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:19:56.0984 2496  DcomLaunch - ok
21:19:57.0015 2496  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:19:57.0093 2496  Dhcp - ok
21:19:57.0125 2496  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:19:57.0234 2496  Disk - ok
21:19:57.0234 2496  dmadmin - ok
21:19:57.0296 2496  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:19:57.0437 2496  dmboot - ok
21:19:57.0453 2496  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:19:57.0546 2496  dmio - ok
21:19:57.0578 2496  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:19:57.0671 2496  dmload - ok
21:19:57.0703 2496  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:19:57.0796 2496  dmserver - ok
21:19:57.0812 2496  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:19:57.0921 2496  DMusic - ok
21:19:57.0953 2496  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:19:58.0000 2496  Dnscache - ok
21:19:58.0031 2496  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:19:58.0140 2496  Dot3svc - ok
21:19:58.0140 2496  dpti2o - ok
21:19:58.0171 2496  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:19:58.0265 2496  drmkaud - ok
21:19:58.0296 2496  [ 5AD19FD45820173E094194C1E6F719EF ] DTV_Capture_2X0 C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys
21:19:58.0296 2496  DTV_Capture_2X0 ( UnsignedFile.Multi.Generic ) - warning
21:19:58.0296 2496  DTV_Capture_2X0 - detected UnsignedFile.Multi.Generic (1)
21:19:58.0296 2496  [ CCA7BAD75040E7521597A22E3C95AF12 ] DTV_Loader_2X1  C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys
21:19:58.0328 2496  DTV_Loader_2X1 ( UnsignedFile.Multi.Generic ) - warning
21:19:58.0328 2496  DTV_Loader_2X1 - detected UnsignedFile.Multi.Generic (1)
21:19:58.0359 2496  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:19:58.0453 2496  EapHost - ok
21:19:58.0468 2496  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:19:58.0562 2496  ERSvc - ok
21:19:58.0593 2496  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
21:19:58.0625 2496  Eventlog - ok
21:19:58.0656 2496  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
21:19:58.0703 2496  EventSystem - ok
21:19:58.0734 2496  [ FB54F67974D13D73BE3E2F1DF042D295 ] ewusbnet        C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
21:19:58.0890 2496  ewusbnet - ok
21:19:58.0937 2496  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:19:59.0031 2496  Fastfat - ok
21:19:59.0062 2496  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:19:59.0109 2496  FastUserSwitchingCompatibility - ok
21:19:59.0140 2496  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
21:19:59.0312 2496  Fdc - ok
21:19:59.0343 2496  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:19:59.0453 2496  Fips - ok
21:19:59.0484 2496  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:19:59.0578 2496  Flpydisk - ok
21:19:59.0609 2496  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:19:59.0703 2496  FltMgr - ok
21:19:59.0765 2496  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:19:59.0781 2496  FontCache3.0.0.0 - ok
21:19:59.0796 2496  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:59.0890 2496  Fs_Rec - ok
21:19:59.0921 2496  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:20:00.0015 2496  Ftdisk - ok
21:20:00.0062 2496  [ 7AD4C281CB1661086B05E087230D4B76 ] fwlanusb4       C:\WINDOWS\system32\DRIVERS\fwlanusb4.sys
21:20:00.0156 2496  fwlanusb4 - ok
21:20:00.0203 2496  [ 34403847D2E224A96B94A123B9AE55A0 ] fwlanusbn       C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys
21:20:00.0234 2496  fwlanusbn - ok
21:20:00.0265 2496  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:20:00.0375 2496  Gpc - ok
21:20:00.0437 2496  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
21:20:00.0453 2496  gupdate - ok
21:20:00.0468 2496  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
21:20:00.0484 2496  gupdatem - ok
21:20:00.0515 2496  [ FC657B7751729EFE54E2FF24F50E5BAB ] HBtnKey         C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
21:20:00.0562 2496  HBtnKey - ok
21:20:00.0593 2496  [ 9F40FC2A562DC9F4D9E10943586D9ED1 ] hcmon           C:\WINDOWS\system32\drivers\hcmon.sys
21:20:00.0640 2496  hcmon - ok
21:20:00.0656 2496  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:20:00.0781 2496  HDAudBus - ok
21:20:00.0828 2496  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:20:00.0921 2496  helpsvc - ok
21:20:00.0921 2496  HidServ - ok
21:20:00.0953 2496  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:20:01.0046 2496  HidUsb - ok
21:20:01.0078 2496  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:20:01.0171 2496  hkmsvc - ok
21:20:01.0187 2496  [ 362D8E46B618649591DE2A5C2F0E58E1 ] HP24X           C:\WINDOWS\system32\DRIVERS\HP24X.sys
21:20:01.0250 2496  HP24X - ok
21:20:01.0250 2496  hpn - ok
21:20:01.0312 2496  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
21:20:01.0390 2496  HpqKbFiltr - ok
21:20:01.0500 2496  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
21:20:01.0546 2496  hpqwmiex - ok
21:20:01.0640 2496  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:20:01.0734 2496  HTTP - ok
21:20:01.0765 2496  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:20:01.0875 2496  HTTPFilter - ok
21:20:01.0921 2496  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
21:20:02.0390 2496  huawei_enumerator - ok
21:20:02.0468 2496  [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard      C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:20:02.0531 2496  hwdatacard - ok
21:20:02.0796 2496  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\HWDeviceService.exe
21:20:02.0890 2496  HWDeviceService.exe - ok
21:20:02.0890 2496  i2omgmt - ok
21:20:02.0890 2496  i2omp - ok
21:20:02.0937 2496  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:20:03.0046 2496  i8042prt - ok
21:20:04.0218 2496  [ 42CAA789A21014AA809A8FF59B3CCFD9 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:20:06.0828 2496  ialm - ok
21:20:07.0031 2496  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:20:07.0546 2496  idsvc - ok
21:20:07.0578 2496  [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
21:20:07.0656 2496  IFXTPM - ok
21:20:07.0703 2496  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:20:07.0921 2496  Imapi - ok
21:20:07.0968 2496  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:20:08.0062 2496  ImapiService - ok
21:20:08.0078 2496  ini910u - ok
21:20:08.0078 2496  IntelIde - ok
21:20:08.0109 2496  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:20:08.0218 2496  intelppm - ok
21:20:08.0234 2496  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:20:08.0328 2496  Ip6Fw - ok
21:20:08.0359 2496  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:20:08.0453 2496  IpFilterDriver - ok
21:20:08.0484 2496  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:20:08.0578 2496  IpInIp - ok
21:20:08.0593 2496  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:20:08.0671 2496  IpNat - ok
21:20:08.0687 2496  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:20:08.0781 2496  IPSec - ok
21:20:08.0812 2496  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:20:08.0859 2496  IRENUM - ok
21:20:08.0890 2496  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:20:08.0984 2496  isapnp - ok
21:20:09.0156 2496  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
21:20:09.0171 2496  JavaQuickStarterService - ok
21:20:09.0203 2496  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:20:09.0296 2496  Kbdclass - ok
21:20:09.0312 2496  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:20:09.0406 2496  kbdhid - ok
21:20:09.0421 2496  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:20:09.0515 2496  kmixer - ok
21:20:09.0546 2496  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:20:09.0625 2496  KSecDD - ok
21:20:09.0656 2496  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
21:20:09.0687 2496  LanmanServer - ok
21:20:09.0718 2496  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:20:09.0750 2496  lanmanworkstation - ok
21:20:09.0750 2496  lbrtfdc - ok
21:20:09.0781 2496  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:20:09.0890 2496  LmHosts - ok
21:20:09.0906 2496  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
21:20:09.0937 2496  MBAMProtector - ok
21:20:10.0000 2496  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:20:10.0046 2496  MBAMScheduler - ok
21:20:10.0078 2496  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
21:20:10.0125 2496  MBAMService - ok
21:20:10.0156 2496  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:20:10.0250 2496  Messenger - ok
21:20:10.0281 2496  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:20:10.0375 2496  mnmdd - ok
21:20:10.0406 2496  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:20:10.0484 2496  mnmsrvc - ok
21:20:10.0546 2496  [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Programme\Mobile Partner\UpdateDog\ouc.exe
21:20:10.0562 2496  Mobile Partner. RunOuc - ok
21:20:10.0578 2496  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:20:10.0687 2496  Modem - ok
21:20:10.0703 2496  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:10.0781 2496  Mouclass - ok
21:20:10.0812 2496  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:20:10.0906 2496  mouhid - ok
21:20:10.0953 2496  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:11.0031 2496  MountMgr - ok
21:20:11.0062 2496  [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
21:20:11.0171 2496  MPE - ok
21:20:11.0187 2496  mraid35x - ok
21:20:11.0218 2496  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:11.0312 2496  MRxDAV - ok
21:20:11.0359 2496  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:11.0421 2496  MRxSmb - ok
21:20:11.0437 2496  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:20:11.0531 2496  MSDTC - ok
21:20:11.0578 2496  [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV            C:\WINDOWS\system32\DRIVERS\msdv.sys
21:20:11.0671 2496  MSDV - ok
21:20:11.0703 2496  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:20:11.0796 2496  Msfs - ok
21:20:11.0796 2496  MSIServer - ok
21:20:11.0828 2496  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:11.0921 2496  MSKSSRV - ok
21:20:11.0937 2496  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:12.0031 2496  MSPCLOCK - ok
21:20:12.0046 2496  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:12.0140 2496  MSPQM - ok
21:20:12.0171 2496  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:12.0250 2496  mssmbios - ok
21:20:12.0281 2496  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:20:12.0390 2496  MSTEE - ok
21:20:12.0421 2496  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:20:12.0453 2496  Mup - ok
21:20:12.0484 2496  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:20:12.0578 2496  NABTSFEC - ok
21:20:12.0609 2496  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:20:12.0703 2496  napagent - ok
21:20:12.0750 2496  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:20:12.0843 2496  NDIS - ok
21:20:12.0859 2496  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:20:12.0937 2496  NdisIP - ok
21:20:12.0984 2496  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:13.0000 2496  NdisTapi - ok
21:20:13.0046 2496  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:13.0125 2496  Ndisuio - ok
21:20:13.0171 2496  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:13.0265 2496  NdisWan - ok
21:20:13.0296 2496  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:13.0328 2496  NDProxy - ok
21:20:13.0343 2496  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:13.0421 2496  NetBIOS - ok
21:20:13.0453 2496  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:13.0546 2496  NetBT - ok
21:20:13.0578 2496  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:20:13.0656 2496  NetDDE - ok
21:20:13.0687 2496  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:20:13.0765 2496  NetDDEdsdm - ok
21:20:13.0796 2496  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:20:13.0890 2496  Netlogon - ok
21:20:13.0921 2496  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
21:20:14.0015 2496  Netman - ok
21:20:14.0031 2496  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:20:14.0046 2496  NetTcpPortSharing - ok
21:20:14.0078 2496  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:20:14.0171 2496  NIC1394 - ok
21:20:14.0187 2496  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:20:14.0218 2496  Nla - ok
21:20:14.0234 2496  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:20:14.0312 2496  Npfs - ok
21:20:14.0359 2496  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:14.0468 2496  Ntfs - ok
21:20:14.0484 2496  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:20:14.0578 2496  NtLmSsp - ok
21:20:14.0625 2496  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:20:14.0734 2496  NtmsSvc - ok
21:20:14.0750 2496  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:20:14.0843 2496  Null - ok
21:20:14.0937 2496  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:15.0031 2496  NwlnkFlt - ok
21:20:15.0031 2496  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:15.0140 2496  NwlnkFwd - ok
21:20:15.0203 2496  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:20:15.0296 2496  ohci1394 - ok
21:20:15.0312 2496  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:20:15.0421 2496  Parport - ok
21:20:15.0437 2496  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:15.0515 2496  PartMgr - ok
21:20:28.0468 2496  ================ Scan global ===============================
21:20:28.0500 2496  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:20:28.0531 2496  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:20:28.0546 2496  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:20:28.0578 2496  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:20:28.0578 2496  [Global] - ok
21:20:28.0578 2496  ================ Scan MBR ==================================
21:20:28.0593 2496  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:20:28.0812 2496  \Device\Harddisk0\DR0 - ok
21:20:28.0812 2496  ================ Scan VBR ==================================
21:20:28.0812 2496  [ A4DF696F27541D17284573DF22CAE3DB ] \Device\Harddisk0\DR0\Partition1
21:20:28.0812 2496  \Device\Harddisk0\DR0\Partition1 - ok
21:20:28.0828 2496  [ BBF5E7CC99157786EDD3384A3B1607D3 ] \Device\Harddisk0\DR0\Partition2
21:20:28.0828 2496  \Device\Harddisk0\DR0\Partition2 - ok
21:20:28.0843 2496  ============================================================
21:20:28.0843 2496  Scan finished
21:20:28.0843 2496  ============================================================
21:20:28.0953 2768  Detected object count: 8
21:20:28.0953 2768  Actual detected object count: 8
21:21:02.0156 2768  BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:02.0156 2768  BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:02.0156 2768  BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:02.0156 2768  BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:02.0156 2768  d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:02.0156 2768  d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:02.0156 2768  d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:02.0171 2768  d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:02.0171 2768  DTV_Capture_2X0 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:02.0171 2768  DTV_Capture_2X0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:21:02.0171 2768  DTV_Loader_2X1 ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:02.0171 2768  DTV_Loader_2X1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
          | 
|  24.11.2012, 01:38 | #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should become completely clean after Trojan infection Quote: 
 If you ask me, or rather the TB, about the cleanup and then actually want to hear a real opinion, that does not work with "censored" logs 
				__________________ Please always post log files in CODE tags   | 
|  24.11.2012, 12:11 | #9 | 
|  |   Computer should become completely clean after Trojan infection Okay, all clear. Thank you very much for the nice and friendly support. This can be closed here then. Sorry, brief blackout, I have those sometimes. I would now like to continue after all; here are my complete logs: Code: 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-24 21:10:44
-----------------------------
21:10:44.843    OS Version: Windows 5.1.2600 Service Pack 3
21:10:44.843    Number of processors: 2 586 0xF0D
21:10:44.843    ComputerName: EGAL  UserName: 
21:10:45.218    Initialize success
21:11:02.140    AVAST engine defs: 12112301
21:11:07.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:11:07.890    Disk 0 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
21:11:07.937    Disk 0 MBR read successfully
21:11:07.953    Disk 0 MBR scan
21:11:08.234    Disk 0 Windows XP default MBR code
21:11:08.296    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        40962 MB offset 63
21:11:08.328    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS         2000 MB offset 83891430
21:11:08.359    Disk 0 Partition 3 00     07    HPFS/NTFS             71508 MB offset 87988005
21:11:08.406    Disk 0 scanning sectors +234436545
21:11:08.609    Disk 0 scanning C:\WINDOWS\system32\drivers
21:11:21.265    Service scanning
21:11:40.406    Modules scanning
21:11:47.656    Disk 0 trace - called modules:
21:11:48.234    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
21:11:48.234    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d31ab8]
21:11:48.234    3 CLASSPNP.SYS[f7568fd7] -> nt!IofCallDriver -> \Device\00000094[0x86d357e0]
21:11:48.234    5 ACPI.sys[f73de620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86dac228]
21:11:48.421    AVAST engine scan C:\WINDOWS
21:11:51.859    AVAST engine scan C:\WINDOWS\system32
21:14:14.156    AVAST engine scan C:\WINDOWS\system32\drivers
21:14:31.781    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
21:16:47.875    AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:17:25.656    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
21:17:25.671    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"
Code: 
21:18:01.0359 2424  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:18:03.0359 2424  ============================================================
21:18:03.0359 2424  Current date / time: 2012/11/24 21:18:03.0359
21:18:03.0359 2424  SystemInfo:
21:18:03.0359 2424  
21:18:03.0359 2424  OS Version: 5.1.2600 ServicePack: 3.0
21:18:03.0359 2424  Product type: Workstation
21:18:03.0359 2424  ComputerName: EGAL
21:18:03.0359 2424  UserName: Administrator
21:18:03.0359 2424  Windows directory: C:\WINDOWS
21:18:03.0359 2424  System windows directory: C:\WINDOWS
21:18:03.0359 2424  Processor architecture: Intel x86
21:18:03.0359 2424  Number of processors: 2
21:18:03.0359 2424  Page size: 0x1000
21:18:03.0359 2424  Boot type: Normal boot
21:18:03.0359 2424  ============================================================
21:18:04.0843 2424  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:18:04.0843 2424  ============================================================
21:18:04.0843 2424  \Device\Harddisk0\DR0:
21:18:04.0843 2424  MBR partitions:
21:18:04.0843 2424  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x50014A7
21:18:04.0843 2424  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50014E6, BlocksNum 0x3E823F
21:18:04.0843 2424  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x53E9725, BlocksNum 0x8BAA09C
21:18:04.0843 2424  ============================================================
21:18:04.0859 2424  C: <-> \Device\Harddisk0\DR0\Partition1
21:18:04.0890 2424  S: <-> \Device\Harddisk0\DR0\Partition2
21:18:04.0921 2424  ============================================================
21:18:04.0921 2424  Initialize success
21:18:04.0921 2424  ============================================================
21:18:13.0109 0640  ============================================================
21:18:13.0109 0640  Scan started
21:18:13.0109 0640  Mode: Manual; SigCheck; TDLFS; 
21:18:13.0109 0640  ============================================================
21:18:13.0843 0640  ================ Scan system memory ========================
21:18:13.0843 0640  System memory - ok
21:18:13.0843 0640  ================ Scan services =============================
21:18:17.0468 0640  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\WINDOWS\system32\drivers\avmeject.sys
21:18:17.0500 0640  avmeject ( UnsignedFile.Multi.Generic ) - warning
21:18:17.0500 0640  avmeject - detected UnsignedFile.Multi.Generic (1)
21:18:17.0515 0640  [ 133AD3794572BCE689763A8356C7ED06 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:18:17.0562 0640  b57w2k - ok
21:18:17.0593 0640  [ E00F4431DE291C2D393F31F12445CB3D ] BDA_Capture_220 C:\WINDOWS\system32\Drivers\BDA_Capture_220.sys
21:18:17.0609 0640  BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - warning
21:18:17.0609 0640  BDA_Capture_220 - detected UnsignedFile.Multi.Generic (1)
21:18:17.0640 0640  [ 349E98A55A8C6B60A2454750893F2A26 ] BDA_Loader_220  C:\WINDOWS\system32\Drivers\BDA_Loader_220.sys
21:18:17.0656 0640  BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - warning
21:18:17.0656 0640  BDA_Loader_220 - detected UnsignedFile.Multi.Generic (1)
21:18:19.0640 0640  [ 5776322F93CDB91086111F5FFBFDA2A0 ] d347bus         C:\WINDOWS\system32\DRIVERS\d347bus.sys
21:18:19.0656 0640  d347bus ( UnsignedFile.Multi.Generic ) - warning
21:18:19.0656 0640  d347bus - detected UnsignedFile.Multi.Generic (1)
21:18:19.0671 0640  [ B49F79ACE459763F4E0380071BE9CB45 ] d347prt         C:\WINDOWS\System32\Drivers\d347prt.sys
21:18:19.0687 0640  d347prt ( UnsignedFile.Multi.Generic ) - warning
21:18:19.0687 0640  d347prt - detected UnsignedFile.Multi.Generic (1)
21:18:21.0250 0640  [ 5AD19FD45820173E094194C1E6F719EF ] DTV_Capture_2X0 C:\WINDOWS\system32\Drivers\DTV_Capture_2X0.sys
21:18:21.0250 0640  DTV_Capture_2X0 ( UnsignedFile.Multi.Generic ) - warning
21:18:21.0250 0640  DTV_Capture_2X0 - detected UnsignedFile.Multi.Generic (1)
21:18:21.0281 0640  [ CCA7BAD75040E7521597A22E3C95AF12 ] DTV_Loader_2X1  C:\WINDOWS\system32\Drivers\DTV_Loader_2X1.sys
21:18:21.0296 0640  DTV_Loader_2X1 ( UnsignedFile.Multi.Generic ) - warning
21:18:21.0296 0640  DTV_Loader_2X1 - detected UnsignedFile.Multi.Generic (1)
21:18:21.0343 0640  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:18:21.0500 0640  EapHost - ok
21:18:21.0515 0640  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:18:21.0671 0640  ERSvc - ok
21:18:21.0703 0640  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
21:18:21.0718 0640  Eventlog - ok
21:18:21.0765 0640  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
21:18:21.0812 0640  EventSystem - ok
21:18:21.0812 0640  ewusbnet - ok
21:18:21.0843 0640  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:18:21.0953 0640  Fastfat - ok
21:18:21.0984 0640  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:18:22.0015 0640  FastUserSwitchingCompatibility - ok
21:18:22.0062 0640  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
21:18:22.0140 0640  Fdc - ok
21:18:22.0187 0640  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:18:22.0390 0640  Fips - ok
21:18:22.0421 0640  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:18:22.0531 0640  Flpydisk - ok
21:18:22.0578 0640  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:18:22.0671 0640  FltMgr - ok
21:18:22.0734 0640  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:18:22.0750 0640  FontCache3.0.0.0 - ok
21:18:22.0765 0640  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:18:22.0875 0640  Fs_Rec - ok
21:18:22.0890 0640  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:18:23.0000 0640  Ftdisk - ok
21:18:23.0046 0640  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:18:23.0171 0640  Gpc - ok
21:18:23.0234 0640  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
21:18:23.0250 0640  gupdate - ok
21:18:23.0281 0640  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
21:18:23.0281 0640  gupdatem - ok
21:18:23.0328 0640  [ FC657B7751729EFE54E2FF24F50E5BAB ] HBtnKey         C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
21:18:23.0359 0640  HBtnKey - ok
21:18:23.0390 0640  [ 9F40FC2A562DC9F4D9E10943586D9ED1 ] hcmon           C:\WINDOWS\system32\drivers\hcmon.sys
21:18:23.0406 0640  hcmon - ok
21:18:23.0437 0640  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:18:23.0546 0640  HDAudBus - ok
21:18:23.0609 0640  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:18:23.0718 0640  helpsvc - ok
21:18:23.0734 0640  HidServ - ok
21:18:23.0750 0640  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:18:23.0906 0640  HidUsb - ok
21:18:23.0937 0640  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:18:24.0031 0640  hkmsvc - ok
21:18:24.0046 0640  [ 362D8E46B618649591DE2A5C2F0E58E1 ] HP24X           C:\WINDOWS\system32\DRIVERS\HP24X.sys
21:18:24.0093 0640  HP24X - ok
21:18:24.0093 0640  hpn - ok
21:18:24.0125 0640  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
21:18:24.0156 0640  HpqKbFiltr - ok
21:18:24.0203 0640  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
21:18:24.0218 0640  hpqwmiex - ok
21:18:24.0250 0640  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:18:24.0296 0640  HTTP - ok
21:18:24.0328 0640  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:18:24.0421 0640  HTTPFilter - ok
21:18:24.0437 0640  huawei_enumerator - ok
21:18:24.0437 0640  hwdatacard - ok
21:18:24.0453 0640  i2omgmt - ok
21:18:24.0453 0640  i2omp - ok
21:18:24.0484 0640  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:18:24.0640 0640  i8042prt - ok
21:18:24.0843 0640  [ 42CAA789A21014AA809A8FF59B3CCFD9 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:18:25.0265 0640  ialm - ok
21:18:25.0343 0640  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:18:25.0437 0640  idsvc - ok
21:18:25.0515 0640  [ 91C5E9F49F32110CED27E2F902FAD607 ] IFXTPM          C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
21:18:25.0562 0640  IFXTPM - ok
21:18:25.0609 0640  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:18:25.0781 0640  Imapi - ok
21:18:25.0812 0640  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:18:25.0906 0640  ImapiService - ok
21:18:25.0906 0640  ini910u - ok
21:18:25.0921 0640  IntelIde - ok
21:18:25.0953 0640  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:18:26.0046 0640  intelppm - ok
21:18:26.0078 0640  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:18:26.0171 0640  Ip6Fw - ok
21:18:26.0187 0640  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:18:26.0281 0640  IpFilterDriver - ok
21:18:26.0312 0640  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:18:26.0406 0640  IpInIp - ok
21:18:26.0421 0640  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:18:26.0500 0640  IpNat - ok
21:18:26.0515 0640  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:18:26.0609 0640  IPSec - ok
21:18:26.0640 0640  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:18:26.0703 0640  IRENUM - ok
21:18:26.0734 0640  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:18:26.0828 0640  isapnp - ok
21:18:26.0968 0640  [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
21:18:26.0984 0640  JavaQuickStarterService - ok
21:18:27.0031 0640  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:18:27.0125 0640  Kbdclass - ok
21:18:27.0140 0640  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:18:27.0250 0640  kbdhid - ok
21:18:27.0281 0640  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:18:27.0406 0640  kmixer - ok
21:18:27.0437 0640  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:18:27.0500 0640  KSecDD - ok
21:18:27.0531 0640  [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
21:18:27.0578 0640  LanmanServer - ok
21:18:27.0593 0640  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:18:27.0687 0640  lanmanworkstation - ok
21:18:27.0687 0640  lbrtfdc - ok
21:18:27.0734 0640  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:18:27.0843 0640  LmHosts - ok
21:18:27.0859 0640  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:18:27.0968 0640  Messenger - ok
21:18:28.0015 0640  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:18:28.0156 0640  mnmdd - ok
21:18:28.0187 0640  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:18:28.0328 0640  mnmsrvc - ok
21:18:28.0343 0640  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:18:28.0500 0640  Modem - ok
21:18:28.0515 0640  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:18:28.0656 0640  Mouclass - ok
21:18:28.0687 0640  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:18:28.0828 0640  mouhid - ok
21:18:28.0859 0640  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:18:29.0000 0640  MountMgr - ok
21:18:29.0046 0640  [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
21:18:29.0187 0640  MPE - ok
21:18:29.0203 0640  mraid35x - ok
21:18:29.0218 0640  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:18:29.0359 0640  MRxDAV - ok
21:18:29.0453 0640  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:18:29.0515 0640  MRxSmb - ok
21:18:29.0531 0640  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:18:29.0687 0640  MSDTC - ok
21:18:29.0718 0640  [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV            C:\WINDOWS\system32\DRIVERS\msdv.sys
21:18:29.0875 0640  MSDV - ok
21:18:29.0906 0640  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:18:30.0046 0640  Msfs - ok
21:18:30.0046 0640  MSIServer - ok
21:18:30.0078 0640  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:18:30.0218 0640  MSKSSRV - ok
21:18:30.0234 0640  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:18:30.0375 0640  MSPCLOCK - ok
21:18:30.0375 0640  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:18:30.0484 0640  MSPQM - ok
21:18:30.0500 0640  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:18:30.0593 0640  mssmbios - ok
21:18:30.0640 0640  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:18:30.0750 0640  MSTEE - ok
21:18:30.0781 0640  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:18:30.0828 0640  Mup - ok
21:18:30.0843 0640  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:18:30.0937 0640  NABTSFEC - ok
21:18:30.0968 0640  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:18:31.0062 0640  napagent - ok
21:18:31.0093 0640  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:18:31.0203 0640  NDIS - ok
21:18:31.0234 0640  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:18:31.0343 0640  NdisIP - ok
21:18:31.0375 0640  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:18:31.0406 0640  NdisTapi - ok
21:18:31.0437 0640  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:18:31.0546 0640  Ndisuio - ok
21:18:31.0578 0640  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:18:31.0687 0640  NdisWan - ok
21:18:31.0718 0640  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:18:31.0734 0640  NDProxy - ok
21:18:31.0765 0640  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:18:31.0859 0640  NetBIOS - ok
21:18:31.0890 0640  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:18:32.0000 0640  NetBT - ok
21:18:32.0046 0640  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:18:32.0171 0640  NetDDE - ok
21:18:32.0171 0640  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:18:32.0281 0640  NetDDEdsdm - ok
21:18:32.0312 0640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:18:32.0437 0640  Netlogon - ok
21:18:32.0453 0640  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
21:18:32.0578 0640  Netman - ok
21:18:32.0609 0640  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:18:32.0625 0640  NetTcpPortSharing - ok
21:18:32.0656 0640  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:18:32.0765 0640  NIC1394 - ok
21:18:32.0781 0640  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:18:32.0812 0640  Nla - ok
21:18:32.0828 0640  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:18:32.0937 0640  Npfs - ok
21:18:32.0968 0640  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:18:33.0125 0640  Ntfs - ok
21:18:33.0140 0640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:18:33.0250 0640  NtLmSsp - ok
21:18:33.0281 0640  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:18:33.0406 0640  NtmsSvc - ok
21:18:33.0421 0640  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:18:33.0531 0640  Null - ok
21:18:33.0546 0640  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:18:33.0656 0640  NwlnkFlt - ok
21:18:33.0656 0640  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:18:33.0781 0640  NwlnkFwd - ok
21:18:33.0812 0640  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:18:33.0906 0640  ohci1394 - ok
21:18:33.0921 0640  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
21:18:34.0046 0640  Parport - ok
21:18:34.0062 0640  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:18:34.0171 0640  PartMgr - ok
21:18:34.0203 0640  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:18:34.0312 0640  ParVdm - ok
21:18:34.0328 0640  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:18:34.0453 0640  PCI - ok
21:18:34.0468 0640  PCIDump - ok
21:18:34.0484 0640  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:18:34.0593 0640  PCIIde - ok
21:18:34.0640 0640  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:18:34.0750 0640  Pcmcia - ok
21:18:34.0750 0640  PDCOMP - ok
21:18:34.0750 0640  PDFRAME - ok
21:18:34.0765 0640  PDRELI - ok
21:18:34.0765 0640  PDRFRAME - ok
21:18:34.0765 0640  perc2 - ok
21:18:34.0765 0640  perc2hib - ok
21:18:34.0796 0640  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
21:18:34.0828 0640  PlugPlay - ok
21:18:34.0859 0640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:18:34.0968 0640  PolicyAgent - ok
21:18:35.0000 0640  postgresql-8.4 - ok
21:18:35.0015 0640  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:18:35.0140 0640  PptpMiniport - ok
21:18:35.0156 0640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:18:35.0265 0640  ProtectedStorage - ok
21:18:35.0265 0640  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:18:35.0375 0640  PSched - ok
21:18:35.0406 0640  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:18:35.0515 0640  Ptilink - ok
21:18:35.0546 0640  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:18:35.0562 0640  PxHelp20 - ok
21:18:35.0562 0640  ql1080 - ok
21:18:35.0562 0640  Ql10wnt - ok
21:18:35.0562 0640  ql12160 - ok
21:18:35.0578 0640  ql1240 - ok
21:18:35.0578 0640  ql1280 - ok
21:18:35.0593 0640  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:18:35.0703 0640  RasAcd - ok
21:18:35.0750 0640  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:18:35.0843 0640  RasAuto - ok
21:18:35.0875 0640  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:18:35.0984 0640  Rasl2tp - ok
21:18:36.0000 0640  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:18:36.0125 0640  RasMan - ok
21:18:36.0156 0640  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:18:36.0265 0640  RasPppoe - ok
21:18:36.0281 0640  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:18:36.0390 0640  Raspti - ok
21:18:36.0406 0640  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:18:36.0515 0640  Rdbss - ok
21:18:36.0531 0640  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:18:36.0640 0640  RDPCDD - ok
21:18:36.0687 0640  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:18:36.0796 0640  rdpdr - ok
21:18:36.0828 0640  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:18:36.0890 0640  RDPWD - ok
21:18:36.0921 0640  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:18:37.0046 0640  RDSessMgr - ok
21:18:37.0078 0640  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:18:37.0203 0640  redbook - ok
21:18:37.0234 0640  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:18:37.0359 0640  RemoteAccess - ok
21:18:37.0375 0640  [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:18:37.0500 0640  RemoteRegistry - ok
21:18:37.0515 0640  [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb          C:\WINDOWS\system32\Drivers\RimUsb.sys
21:18:37.0656 0640  RimUsb - ok
21:18:37.0703 0640  [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:18:37.0718 0640  RimVSerPort - ok
21:18:37.0750 0640  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
21:18:37.0859 0640  ROOTMODEM - ok
21:18:37.0890 0640  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:18:38.0000 0640  RpcLocator - ok
21:18:38.0031 0640  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:18:38.0078 0640  RpcSs - ok
21:18:38.0093 0640  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:18:38.0250 0640  RSVP - ok
21:18:38.0265 0640  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:18:38.0406 0640  SamSs - ok
21:18:38.0546 0640  [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv         C:\Programme\Sandboxie\SbieDrv.sys
21:18:38.0593 0640  SbieDrv - ok
21:18:38.0656 0640  [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc         C:\Programme\Sandboxie\SbieSvc.exe
21:18:38.0671 0640  SbieSvc - ok
21:18:38.0703 0640  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:18:38.0859 0640  SCardSvr - ok
21:18:38.0890 0640  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:18:39.0078 0640  Schedule - ok
21:18:39.0109 0640  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:18:39.0218 0640  Secdrv - ok
21:18:39.0234 0640  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:18:39.0421 0640  seclogon - ok
21:18:39.0500 0640  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
21:18:39.0578 0640  SENS - ok
21:18:39.0609 0640  [ DE0A165D9F8EA295E62EA702EF2F8125 ] Ser2pl          C:\WINDOWS\system32\DRIVERS\ser2pl.sys
21:18:39.0656 0640  Ser2pl - ok
21:18:39.0687 0640  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
21:18:39.0796 0640  Serenum - ok
21:18:39.0812 0640  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
21:18:39.0906 0640  Serial - ok
21:18:39.0937 0640  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:18:40.0031 0640  Sfloppy - ok
21:18:40.0078 0640  [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:18:40.0203 0640  SharedAccess - ok
21:18:40.0218 0640  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:18:40.0234 0640  ShellHWDetection - ok
21:18:40.0250 0640  Simbad - ok
21:18:40.0312 0640  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Programme\Skype\Updater\Updater.exe
21:18:40.0328 0640  SkypeUpdate - ok
21:18:40.0359 0640  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:18:40.0484 0640  SLIP - ok
21:18:40.0515 0640  [ E78CD3BB53A208DFAB8FC826384307E0 ] sonyhcb         C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
21:18:40.0593 0640  sonyhcb - ok
21:18:40.0687 0640  [ 610F515FCD95D37F3252E1C250EF8C61 ] sonyhcs         C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
21:18:40.0718 0640  sonyhcs - ok
21:18:40.0718 0640  Sparrow - ok
21:18:40.0750 0640  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:18:40.0859 0640  splitter - ok
21:18:40.0890 0640  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:18:40.0937 0640  Spooler - ok
21:18:40.0953 0640  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:18:41.0015 0640  sr - ok
21:18:41.0046 0640  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:18:41.0125 0640  srservice - ok
21:18:41.0156 0640  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:18:41.0187 0640  Srv - ok
21:18:41.0234 0640  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:18:41.0312 0640  SSDPSRV - ok
21:18:41.0359 0640  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:18:41.0375 0640  ssmdrv - ok
21:18:41.0406 0640  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:18:41.0546 0640  stisvc - ok
21:18:41.0562 0640  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:18:41.0718 0640  streamip - ok
21:18:41.0734 0640  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:18:41.0859 0640  swenum - ok
21:18:41.0890 0640  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:18:42.0031 0640  swmidi - ok
21:18:42.0046 0640  SwPrv - ok
21:18:42.0046 0640  symc810 - ok
21:18:42.0046 0640  symc8xx - ok
21:18:42.0062 0640  sym_hi - ok
21:18:42.0062 0640  sym_u3 - ok
21:18:42.0078 0640  [ 1DE40024679CDE0E573465253519730E ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:18:42.0109 0640  SynTP - ok
21:18:42.0125 0640  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:18:42.0265 0640  sysaudio - ok
21:18:42.0359 0640  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:18:42.0500 0640  SysmonLog - ok
21:18:42.0531 0640  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:18:42.0687 0640  TapiSrv - ok
21:18:42.0718 0640  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:18:42.0765 0640  Tcpip - ok
21:18:42.0796 0640  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:18:42.0921 0640  TDPIPE - ok
21:18:42.0937 0640  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:18:43.0093 0640  TDTCP - ok
21:18:43.0125 0640  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:18:43.0265 0640  TermDD - ok
21:18:43.0312 0640  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:18:43.0468 0640  TermService - ok
21:18:43.0484 0640  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:18:43.0500 0640  Themes - ok
21:18:43.0531 0640  [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
21:18:43.0609 0640  TlntSvr - ok
21:18:43.0609 0640  TosIde - ok
21:18:43.0656 0640  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:18:43.0781 0640  TrkWks - ok
21:18:43.0828 0640  [ 075B938565A580E0A880EB0E403A356B ] truecrypt       C:\WINDOWS\system32\drivers\truecrypt.sys
21:18:43.0859 0640  truecrypt - ok
21:18:43.0890 0640  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:18:44.0046 0640  Udfs - ok
21:18:44.0093 0640  [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60       C:\Programme\VMware\VMware Player\vmware-ufad.exe
21:18:44.0125 0640  ufad-ws60 - ok
21:18:44.0125 0640  ultra - ok
21:18:44.0171 0640  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:18:44.0343 0640  Update - ok
21:18:44.0375 0640  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:18:44.0468 0640  upnphost - ok
21:18:44.0484 0640  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
21:18:44.0625 0640  UPS - ok
21:18:44.0671 0640  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
21:18:44.0812 0640  usbaudio - ok
21:18:44.0843 0640  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:18:44.0984 0640  usbccgp - ok
21:18:45.0000 0640  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:18:45.0140 0640  usbehci - ok
21:18:45.0171 0640  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:18:45.0328 0640  usbhub - ok
21:18:45.0359 0640  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:18:45.0500 0640  usbprint - ok
21:18:45.0546 0640  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:18:45.0671 0640  usbscan - ok
21:18:45.0703 0640  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:18:45.0843 0640  USBSTOR - ok
21:18:45.0875 0640  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:18:46.0000 0640  usbuhci - ok
21:18:46.0031 0640  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:18:46.0156 0640  VgaSave - ok
21:18:46.0171 0640  ViaIde - ok
21:18:46.0187 0640  [ 42F0ECAF36636841A4A006850695507F ] VMAuthdService  C:\Programme\VMware\VMware Player\vmware-authd.exe
21:18:46.0218 0640  VMAuthdService - ok
21:18:46.0234 0640  [ 69F761F00950C65AF8E5F836BF251D61 ] vmci            C:\WINDOWS\system32\Drivers\vmci.sys
21:18:46.0265 0640  vmci - ok
21:18:46.0281 0640  [ DCD2F4A14795E8A8114A7CAE2A9B9465 ] vmkbd           C:\WINDOWS\system32\drivers\VMkbd.sys
21:18:46.0312 0640  vmkbd - ok
21:18:46.0343 0640  [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter    C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
21:18:46.0359 0640  VMnetAdapter - ok
21:18:46.0375 0640  [ 0A671FD23EEC96FA35B50A167351D394 ] VMnetBridge     C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
21:18:46.0406 0640  VMnetBridge - ok
21:18:46.0421 0640  [ 4C8927595E18017F9C1716370F572B7D ] VMnetDHCP       C:\WINDOWS\system32\vmnetdhcp.exe
21:18:46.0453 0640  VMnetDHCP - ok
21:18:46.0484 0640  [ 6BD13F3F8A4A67A4FC5C3DC1696C00D8 ] VMnetuserif     C:\WINDOWS\system32\drivers\vmnetuserif.sys
21:18:46.0500 0640  VMnetuserif - ok
21:18:46.0531 0640  [ 3BAD07BD14AC271B5F0000AC7A1FC4C6 ] VMparport       C:\WINDOWS\system32\Drivers\VMparport.sys
21:18:46.0546 0640  VMparport - ok
21:18:46.0593 0640  [ F22098DBDD13C1221C274496B3E18DA7 ] VMUSBArbService C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
21:18:46.0640 0640  VMUSBArbService - ok
21:18:46.0687 0640  [ 61DA8934252B140C4B568813F543D0D2 ] VMware NAT Service C:\WINDOWS\system32\vmnat.exe
21:18:46.0734 0640  VMware NAT Service - ok
21:18:46.0781 0640  [ 963A6A23EEB5AB6277C64FBC98517DE8 ] vmx86           C:\WINDOWS\system32\Drivers\vmx86.sys
21:18:46.0859 0640  vmx86 - ok
21:18:46.0890 0640  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:18:47.0093 0640  VolSnap - ok
21:18:47.0140 0640  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:18:47.0203 0640  VSS - ok
21:18:47.0234 0640  [ 98929C5C5314C4C048E2F60492C26723 ] vstor2-ws60     C:\Programme\VMware\VMware Player\vstor2-ws60.sys
21:18:47.0250 0640  vstor2-ws60 - ok
21:18:47.0281 0640  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:18:47.0375 0640  W32Time - ok
21:18:47.0390 0640  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:18:47.0484 0640  Wanarp - ok
21:18:47.0515 0640  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:18:47.0562 0640  wceusbsh - ok
21:18:47.0609 0640  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:18:47.0625 0640  Wdf01000 - ok
21:18:47.0640 0640  WDICA - ok
21:18:47.0671 0640  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:18:47.0781 0640  wdmaud - ok
21:18:47.0796 0640  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:18:47.0921 0640  WebClient - ok
21:18:47.0984 0640  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:18:48.0093 0640  winmgmt - ok
21:18:48.0109 0640  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:18:48.0203 0640  WmdmPmSN - ok
21:18:48.0234 0640  [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi             C:\WINDOWS\System32\advapi32.dll
21:18:48.0296 0640  Wmi - ok
21:18:48.0359 0640  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:18:48.0453 0640  WmiAcpi - ok
21:18:48.0484 0640  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:18:48.0609 0640  WmiApSrv - ok
21:18:48.0703 0640  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
21:18:48.0781 0640  WMPNetworkSvc - ok
21:18:48.0812 0640  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:18:48.0953 0640  WS2IFSL - ok
21:18:49.0015 0640  [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:18:49.0156 0640  wscsvc - ok
21:18:49.0171 0640  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:18:49.0265 0640  WSTCODEC - ok
21:18:49.0281 0640  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:18:49.0375 0640  wuauserv - ok
21:18:49.0406 0640  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:18:49.0437 0640  WudfPf - ok
21:18:49.0453 0640  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:18:49.0468 0640  WudfRd - ok
21:18:49.0500 0640  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:18:49.0515 0640  WudfSvc - ok
21:18:49.0562 0640  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:18:49.0671 0640  WZCSVC - ok
21:18:49.0703 0640  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:18:49.0796 0640  xmlprov - ok
21:18:49.0812 0640  ================ Scan global ===============================
21:18:49.0828 0640  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
21:18:49.0859 0640  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:18:49.0875 0640  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
21:18:49.0906 0640  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
21:18:49.0906 0640  [Global] - ok
21:18:49.0906 0640  ================ Scan MBR ==================================
21:18:49.0921 0640  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
21:18:50.0156 0640  \Device\Harddisk0\DR0 - ok
21:18:50.0156 0640  ================ Scan VBR ==================================
21:18:50.0156 0640  [ A4DF696F27541D17284573DF22CAE3DB ] \Device\Harddisk0\DR0\Partition1
21:18:50.0171 0640  \Device\Harddisk0\DR0\Partition1 - ok
21:18:50.0187 0640  [ BBF5E7CC99157786EDD3384A3B1607D3 ] \Device\Harddisk0\DR0\Partition2
21:18:50.0187 0640  \Device\Harddisk0\DR0\Partition2 - ok
21:18:50.0203 0640  [ 84493A93260972C453E9A36C6CFDF548 ] \Device\Harddisk0\DR0\Partition3
21:18:50.0203 0640  \Device\Harddisk0\DR0\Partition3 - ok
21:18:50.0203 0640  ============================================================
21:18:50.0203 0640  Scan finished
21:18:50.0203 0640  ============================================================
21:18:50.0312 0480  Detected object count: 7
21:18:50.0312 0480  Actual detected object count: 7
21:19:02.0265 0480  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0265 0480  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:02.0265 0480  BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0265 0480  BDA_Capture_220 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:02.0281 0480  BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0281 0480  BDA_Loader_220 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:02.0281 0480  d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0281 0480  d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:02.0281 0480  d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0281 0480  d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:02.0281 0480  DTV_Capture_2X0 ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0281 0480  DTV_Capture_2X0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:19:02.0281 0480  DTV_Loader_2X1 ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:02.0281 0480  DTV_Loader_2X1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
          | 
|  26.11.2012, 15:38 | #10 | 
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should be completely clean after Trojan infection What is going on there again?! Code: 
21:20:28.0953 2768  Detected object count: 8
21:20:28.0953 2768  Actual detected object count: 8
         Code: 
21:18:50.0312 0480  Detected object count: 7
21:18:50.0312 0480  Actual detected object count: 7
         What did you delete there? 
				__________________ Please always post log files in CODE tags   | 
|  26.11.2012, 21:17 | #11 | 
|  |   Computer should be completely clean after Trojan infection All my "security-relevant programs" were properly uninstalled via Control Panel and then Software. In addition, I had disabled System Restore and re-enabled it. Maybe that already explains it. I'm really sorry, but from now on I won't do anything on my own anymore, I promise. You'll find out anyway.  | 
|  27.11.2012, 20:46 | #12 | 
|  |   Computer should be completely clean after Trojan infection Code: 
# AdwCleaner v2.009 - Datei am 27/11/2012 um 20:46:03 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Administrator - EGAL
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\StartSearch
***** [Internet Browser] *****
-\\ Internet Explorer v6.0.2900.5512
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [660 octets] - [27/11/2012 20:46:03]
########## EOF - C:\AdwCleaner[R1].txt - [719 octets] ##########
          | 
|  26.11.2012, 21:23 | #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should be completely clean after Trojan infection Then please run CF now: ComboFix A guide and tutorial on using ComboFix 
 
 Combofix may only be run when an expert helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote: 
 
				__________________ Please always post log files in CODE tags   | 
|  26.11.2012, 23:05 | #14 | 
|  |   Computer should be completely clean after Trojan infection [CODE] Combofix log file: Code: 
ComboFix 12-11-26.02 - Administrator 26.11.2012  22:49:39.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1015.593 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Eigene Dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\0tbpw.pad
c:\dokumente und einstellungen\All Users\Anwendungsdaten\zak_lo0i7g.pad
C:\hosts
C:\install.exe
c:\windows\d.ini
c:\windows\daemon.dll
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\SET47.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET53.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-26 bis 2012-11-26  ))))))))))))))))))))))))))))))
.
.
2012-11-25 20:00 . 2012-11-25 20:00	--------	d-----w-	C:\avminftmp
2012-11-25 17:56 . 2012-11-25 19:59	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVM
2012-11-25 11:20 . 2012-11-25 11:20	--------	d-----w-	c:\programme\Winamp Detect
2012-11-25 11:12 . 2012-11-25 11:13	--------	d-----w-	c:\programme\Mozilla Maintenance Service
2012-11-25 09:34 . 2012-11-25 09:37	--------	d-----w-	c:\dokumente und einstellungen\jens\Anwendungsdaten\vlc
2012-11-25 09:13 . 2012-11-25 09:32	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\vlc
2012-11-24 14:21 . 2012-11-24 14:21	--------	d-----w-	C:\My Pictures
2012-11-23 21:23 . 2012-11-23 21:23	--------	d-----w-	C:\DivX Movies
2012-11-22 21:38 . 2012-11-22 21:38	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2012-11-22 21:37 . 2012-11-22 21:37	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-11-21 20:07 . 2012-11-21 20:07	--------	d-----r-	C:\Sandbox
2012-11-21 20:04 . 2012-11-21 20:04	--------	d-----w-	c:\programme\Sandboxie
2012-11-19 21:55 . 2012-11-19 21:55	--------	d-----w-	c:\programme\hjackthis
2012-11-19 21:35 . 2012-11-19 21:35	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2012-11-19 21:34 . 2012-11-19 21:34	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-11-10 17:34 . 2012-11-10 17:34	--------	d-----w-	c:\dokumente und einstellungen\Administrator\TV-Browser
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-25 11:14 . 2011-05-14 18:19	404920	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-22 21:46 . 2012-03-31 13:42	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-22 21:37 . 2010-07-20 13:51	143872	----a-w-	c:\windows\system32\javacpl.cpl
2012-11-22 21:37 . 2012-06-08 19:43	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-22 21:37 . 2010-07-20 13:51	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-14 19:54 . 2012-01-26 20:58	92008	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-11-14 19:54 . 2012-01-26 20:58	112584	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-10-22 19:56 . 2008-04-14 12:00	1866496	----a-w-	c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 12:00	58368	----a-w-	c:\windows\system32\synceng.dll
2012-09-08 19:08 . 2012-09-08 19:08	28672	----a-w-	c:\windows\system32\drivers\usbccid.sys
2012-09-08 19:08 . 2012-09-08 19:08	1112288	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-08-30 20:28 . 2008-04-14 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2012-08-30 20:28 . 2008-04-14 12:00	61952	----a-w-	c:\windows\system32\tdc.ocx
2012-08-30 20:28 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2012-08-30 20:26 . 2008-04-14 12:00	371200	----a-w-	c:\windows\system32\html.iec
2005-07-25 06:41 . 2005-05-26 01:17	110657	----a-w-	c:\programme\Gemeinsame Dateien\UninstallDrv.exe
2012-10-24 17:50 . 2012-11-19 20:51	261600	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2012-08-25 545552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"QlbCtrl.exe"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\dokumente und einstellungen\jens\Startmenü\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43	926896	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 09:09	63712	----a-w-	c:\programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25	1230704	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueCrypt]
2010-07-20 10:07	1492944	----a-w-	c:\programme\TrueCrypt\TrueCrypt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2010-11-11 12:31	64112	----a-w-	c:\programme\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-20 16:13	74752	----a-w-	c:\programme\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\wincmd\\WINCMD32.EXE"=
"c:\\Programme\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Xming\\Xming.exe"=
"c:\\Programme\\Winamp\\winamp.exe"=
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [07.05.2012 17:38 6097]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [26.01.2012 21:58 36000]
R2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [26.01.2012 21:58 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.01.2012 21:58 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [26.01.2012 21:58 465360]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Programme/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programme/PostgreSQL/8.4/data" -w --> C:/Programme/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11.11.2010 13:32 70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\programme\Common Files\VMware\USB\vmware-usbarbitrator.exe [11.11.2010 12:31 539248]
R3 Com4QLBEx;Com4QLBEx;c:\programme\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [20.07.2010 10:04 228408]
R3 DTV_Capture_2X0;DVB-T Receiver;c:\windows\system32\drivers\DTV_Capture_2X0.sys [28.07.2012 19:04 18432]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23.07.2008 10:31 44800]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [14.08.2010 10:38 4352]
S3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [26.09.2005 04:38 14080]
S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.9.19.0;c:\windows\system32\drivers\BDA_Loader_220.sys [26.09.2005 04:38 15616]
S3 DTV_Loader_2X1;DVB-T Loader;c:\windows\system32\drivers\DTV_Loader_2X1.sys [28.07.2012 19:04 19328]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [17.07.2007 00:24 35072]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [07.05.2012 17:38 299923]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20.07.2010 15:11 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20.07.2010 15:11 5248]
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-29 15:34]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-29 15:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dvdvideosoft.com/de/products/dvd/Free-Video-Flip-and-Rotate.htm
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
LSP: c:\programme\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{900CA7C7-783C-429E-BC86-C39D87DB9847}: NameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\hamgehrx.default\
FF - ExtSQL: 2012-11-25 12:17; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-DTV_1.0 - c:\windows\iun6002.exe
AddRemove-HoldemManager - z:\holdem manager\UninstallHoldemManager.exe
AddRemove-PokerStars - z:\games\PokerStars\PokerStarsUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-26 22:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Programme/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programme/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\postgresql-8.4]
"ImagePath"="C:/Programme/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programme/PostgreSQL/8.4/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(808)
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-11-26  23:02:01
ComboFix-quarantined-files.txt  2012-11-26 22:01
.
Vor Suchlauf: 22 Verzeichnis(se), 21.345.034.240 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 21.976.109.056 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B401CDED5C2768D419F837FE54FCA418
         Unchanged and original. Good night! | 
|  27.11.2012, 09:56 | #15 | 
| /// Winkelfunktion /// TB-Süch-Tiger™       |   Computer should be completely clean after Trojan infection adwCleaner - detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!! 
 
				__________________ Please always post log files in CODE tags   | 